Insights

Preamble

Money laundering and the financing of terrorism create a high risk to the integrity, reputation, stability and proper functioning, of the financial system. The ever-changing nature of money laundering and terrorist financing threats, which are facilitated by a constant evolution of technology and of the increasing means at criminals’ disposal, requires a permanent adaptation of the legal framework to counter such threats. Such a legal framework within the European Union (the “EU”) already exists, and has existed for a number of years. However, although on the whole successful, it also has to adapt and evolve with the passage of time and at par with the introduction of new tactics employed by possible money launderers and terrorists.

1. Background

Following a period of consultation with various stakeholders, which period of consultation had started consequently to the European Commission’s report to the European Parliament and Council, dated 11 April 2012^[1], on 5February 2013, the Commission adopted a proposal, a proposal also of relevance to the European Economic Area (EEA) countries,^[2] for a directive of the European Parliament and of the Council on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. This Directive, known as the Fourth Anti-Money Laundering Directive (the “4AMLD”)^[3], is aimed at the reinforcement of the EU’s existing rules on anti-money laundering and the combating of the funding of terrorism (“AML-CFT”). As part of the same package the Commission also adopted, on the same date, a proposal for a regulation of the European Parliament and Council on information accompanying transfers of funds.^[4] The aim of this proposed regulation is essentially to secure due traceability of these transfers, and to revise Regulation (EC) No 1781/2006 on information on the payer accompanying transfers of funds^[5] in ways which improve traceability of payments and ensure that the EU framework remains fully compliant with international standards.^[6]

On the adoption of these proposals by the Commission, Home Affairs Commissioner Cecilia Malmström stated:

Dirty money has no place in our economy, whether it comes from drug deals, the illegal guns trade or trafficking in human beings. We must make sure that organised crime cannot launder its funds through the banking system or the gambling sector. To protect the legal economy, especially in times of crisis, there must be no legal loopholes for organised crime or terrorists to slip through. Our banks should never function as laundromats for mafia money, or enable the funding of terrorism.^[7]

Plans are also in place to propose criminal law harmonisation for the offence of money laundering.^[8] The proposal for the 4AMLD complements other actions taken or planned by the Commission in respect of the fight against crime, corruption, and tax evasion. Separately, the Commission is seeking the establishment of common minimum rules for how severely money laundering offences could be punished.^[9]

The proposal for the 4AMLD is a response to changes, an overhaul in fact, at an international level, made to the Recommendations adopted by the Financial Action Task Force (the “FATF”) in February 2012 and a review conducted by the Commission on the implementation of Directive 2005/60/EC which is also known as the Third Anti-Money Laundering Directive, (the “3AMLD”).^[10] The Commission undertook an impact assessment,^[11] where it analysed the potential consequences of money laundering and terrorism financing. It also analysed the impact of the legislative proposals on fundamental rights. The proposed revision of the 3AMLD is complementary to the revised FATF Recommendations which represent a substantial strengthening of the AML-CFT framework. On some issues, the 4AMLD even expands on the FATF’s requirements and provides additional safeguards. The 4AMLD will eventually repeal the 3AMLD. The best rationale for the necessity to amend the 3AMLD is highlighted in the Explanatory Memorandum of the Commission’s proposal. However, it is unofficially noted that the prevailing climate of anger against banks with insufficient AML-CFT mitigating measures, which led to huge fines being imposed on them, also played a part in the proposed new regime.^[12]

2. Timelines

The legislative process has been a long one. On 6 February 2013, a day after the adoption of the Commission’s proposal, the proposal was transmitted to both the European Parliament and the Council of Ministers under the ordinary legislative procedure.

The Committee on Economic and Monetary Affairs jointly with the Committee on Civil Liberties, Justice and Home Affairs, adopted the report by Krišjānis Kariņš (EPP, Latvia) and Judith Sargentini (Greens/EFA, The Netherlands) on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing which, on 28 February 2014, was tabled for the plenary sitting.^[13] Various substantial changes and enhancements were provided for in this report. The parliamentary committee recommended that the European Parliament’s position adopted at first reading, following the ordinary legislative procedure, should amend the Commission’s proposal.

The European Parliament debated and voted on its first reading^[14] of the two draft legislations on 11 March 2014 and, consolidated the work done until then, handing it over to the next composition of the European Parliament after its elections held between 22-25 May 2014. This ensured that the new MEPs could decide not to start from scratch, but build on the work done during the previous term. The legislative resolution was passed by 643 votes to 30 with 12 abstentions. Five Maltese MEPs^[15] voted against the parliamentary resolution on the 4AMLD.^[16] The vote was not the final decision as the Council could reject the position of the European Parliament. In fact, the proposed directive is long awaiting the Council’s first reading and the budgetary conciliation convocation.  At present there is political agreement in the Council on its first reading position.

A series of opinions were then published. On 17 May 2013, the European Central Bank issued its opinion on the proposal for the 4AMLD, as well as on the proposal for a regulation on information accompanying transfers of funds.^[17] The European Economic and Social Committee issued its opinion on these two proposals on 23 May 2013,^[18] while on 4 July 2013 an opinion on both proposals was issued by the European Data Protection Supervisor.^[19]

Considering the lack of time available ahead of the elections to agree on a first reading agreement with the Council, the European Parliament decided that it did not want to engage in negotiations with the Council and aimed at starting a second reading procedure. Discussions about the 4AMLD had been taking place in the Council on a regular basis. The Council indicated that it was still aiming to reach an agreement under the first reading procedure during the second half of 2014, under the Italian Presidency.

A further amended draft of the proposal of the 4AMLD was issued by the Presidency on 21 February 2014, while discussions on the proposed regulation on information accompanying transfers of funds by the Commission had begun and three working party meetings were held on 14 March 2014, 28 March 2014, and on 11 April 2014. Following these working party meetings, two presidency compromise texts were issued on the 25 March 2014 and 8 April 2014.

On 12 May 2014, the Greek Presidency made the fourth presidency compromise publicly available. Various amendments to the text were made. This presidency compromise was shared with the Delegations in the Permanent Representatives Committee (the “COREPER”) 2 meeting of 28 May 2014. On 10 June 2014, the Commission adopted its position – in partial agreement – on the European Parliament amendments on the first reading.

On 15 June 2014, the Council published a note dated 13 June 2014, outlining its general approach to the proposed 4AMLD. The general approach is set out in document 10970/14^[20]; on the other hand document 10971/14 pertains to the proposed regulation on information accompanying transfers of funds.^[21] Various clarifications and enhancements have been made, including amendments to the definitions that are less rigid and elaborate than the text adopted by the European Parliament. The Council attempted to make the directive ‘cleaner’, that is simpler, more user-friendly, and comprehensive, although there were still minor shortcomings like linguistic errors. It is interesting to note that this compromise text had the support of all Member States (MSs)^[22] with the exception of Malta and Austria, and these MSs’ arguments are outlined below.

On 18 June 2014, the Council published a press release stating that COREPER 2 called upon the incoming Italian presidency to begin negotiations with the new European Parliament to adopt the 4AMLD at early second reading. During the COREPER 2 meeting on this date, ambassadors of the EU MSs officially approved and agreed on a General Approach. The EP and the Council were expected to engage in trialogue meetings in October 2014, with a view to adopting the new rules at early second reading, aiming to reach an agreement on the text before the end of 2014. This is despite the fact that in its conclusions of 22 May 2013, the Council had called for rapid progress and inter alia stated that the revision of the 3AMLD would be completed by the end of 2013.^[23] There was great pressure for the 4AMLD to be adopted prior to the end of 2014, but such deadline was not met. However, progress was made in January 2015, where with a view to the COREPER 2 meeting of 15 January 2015, the final compromise text was issued on 12 January 2015.^[24] On 27January 2015, at the 3366^th meeting of the Council (Economic and Monetary Affairs), the 4AMLD passed through a first reading.^[25] The text still needs to be endorsed by the European Parliament (around March or April 2015) and by the EU Council of Ministers. According to article 114 of the Treaty on the Functioning of the EU, the proposed directive requires a qualified majority for adoption by the Council, in agreement with the European Parliament.

Given that there have been various developments, with the result of having several drafts of the text, including those of the Commission, the European Parliament, and the Council (twice), this article purports to give an overview of the regulatory shift in the form of the proposed principal changes as envisaged so far,^[26] within their historical legislative background in chronological order as outlined above, that are to be made to the current 3AMLD.

3. The main changes

The 4AMLD is introducing quite a few changes, some of which are major, to the 3AMLD. These are designed to be evolutionary rather than revolutionary,^[27] and it is of paramount importance to delve into the main modifications in relation to the following classifications. These shall be briefly explained in turn.

3.1  The extension of the directive’s scope

The two main changes proposed are the reduction of the threshold for traders in high value goods dealing with cash payments and the introduction of providers of gambling services which must be authorised^[28] in the AML-CFT legislation.

Under the 3AMLD, traders in goods are included in the scope of the directive if they deal with cash payments of €15,000 or more. After receiving information from MSs that this relatively high threshold was being exploited by criminals, in the Commission’s proposal the threshold was lowered to €7,500.  However, it is pertinent to point out that in the previous compromise text, the Council increased the above-mentioned threshold of €7,500 to €10,000, and this has remained in the final compromise text.

The second major change is due to the fact that the 3AMLD requires that only casinos be included in the scope of AML-CFT legislation. Evidence in the EU suggests that this is leaving other areas of gambling vulnerable to misuse by criminals. Providers of gambling services are now also included under the definition of obliged entities.^[29] Thus, parity is created among providers in the gambling sector. With the exception of casinos, MSs may decide to exempt in full or in part certain gambling services from national provisions, transposing this directive on the basis of the low risk posed by the nature, and where appropriate, the scale of operations of the services following risk assessments. MSs shall notify the Commission of their decision. In the European Parliament’s version, the cases where Customer Due Diligence (“CDD”) measures were to be applied by obliged entities were increased to include casinos when carrying out occasional transactions amounting to €2,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked; online gambling when establishing the business relationship; for other providers of gambling services when paying out winnings of €2,000 or more; and whenever a company is established. The Council’s text (both the previous and the current) has done away with these, and with regard to providers of gambling services, it limits CDD to either upon the collection of winnings and/or upon the wagering of a stake.

MSs would similarly be allowed exemptions, subject to particular conditions, for certain types of electronic money^[30] instruments. This is more or less similar to the addition in this respect made by the European Parliament.

However, with regard to the previous compromise text, Malta considered that there should be no exemptions in relation to gambling services from the provisions of the directive or, in any case, no different treatment of online and offline gambling. Therefore, Malta opposed article 2(1a) of that compromise text, which provided the possibility of exemption for the providers of gambling services, except for cross-border gambling. Furthermore, Malta maintained its reservations on the procedure for such an exemption.^[31]

In the Commission’s version, real estate agents were redefined as ‘real estate agents, including letting agents’, thus widening application, although this is not present in the Council’s version. However, the preamble of the current compromise text provides: ‘Estate agents could be understood to include letting agents where applicable.’ New definitions have also come in, such as ‘gambling services’ and ‘group’. The concept of a group programme is being introduced, in that the home competent authority for group-wide policies and controls, and the host competent authority for branches and subsidiaries, may consider that an obliged entity applies the measures on third party reliance through its group programme when the listed conditions are fulfilled. Obliged entities that are part of a group are to implement group-wide policies and procedures, including policies for data protection and sharing of information within the group, effectively implemented at the level of branches and majority-owned subsidiaries in MSs and third countries.

Tax crimes, related to direct and indirect taxes, are also being introduced, in order to reflect the revised FATF Recommendations. The definition of ‘beneficial owner’ has been clarified further, particularly in relation to the percentage threshold of 25%. In the case of trusts, the beneficial owner shall include the identity of the settlor, trustee(s), the protector, if any, the beneficiary or class of beneficiaries, and any other natural person exercising ultimate control over the trust including through direct or indirect ownership or through other means. The Council’s previous and current compromise text even explain control in the context of the identification obligation.

A list of criteria, to be totally fulfilled by the legal or natural person, is provided whereby MSs may decide that legal and natural persons who engage in a financial activity on an occasional or very limited basis where there is little risk of money laundering or funding of terrorist financing occurring, do not fall within the scope of the 4AMLD.

3.2  The risk-based approach

While the 4AMLD recognises that the use of a risk-based approach is an effective way to identify and mitigate risks to the financial system and wider economic stability in the internal market area, it proposes new standards by requiring evidence-based measures to be implemented in three major areas which will be outlined in the forthcoming paragraph. Each of these would be supplemented with a minimum list of factors to be taken into consideration or guidance to be developed by the European Supervisory Authorities (“ESAs”).^[32]

MSs will be required to identify, understand, and mitigate the risks facing them. This can be supplemented by risk assessment work carried out at a supra-national level^[33] and the results should be shared with other MSs, obliged entities, the Commission and ESAs. The concept of a national risk assessment (“NRA”), to be prepared by each MS, is introduced. Malta has already passed through this during the last quarter of 2013, and this is a project which is still underway. The NRA is a process of identifying and evaluating the money laundering and terrorist financing risks in a particular jurisdiction and analysing the main sources and drivers of the risks in order to develop effective and risk-based policies and actions, and allocate the available resources in the most efficient way to eliminate, control, and mitigate the identified risks. Obliged entities would thus be required to identify, understand, and mitigate their own risks, and to document and update the assessments of risks they undertake. This is a key element of the risk-based approach, allowing competent authorities within MSs to thoroughly review and understand the decisions made by obliged entities under their supervision. Ultimately, and this is very significant, those adopting a risk-based approach would be fully accountable for the decisions they make. This would mean that the supervisors’ resources can be used to concentrate on areas where the risks of money laundering and terrorist financing are greater. Eugene McConville, ex-head of financial intelligence at the UK’s Serious Organised Crime Agency, has been recorded as saying:

The rules are that it is risk based; it is not you turn everyone down. Ultimately, you look at someone, you make a decision, and you record it.^[34]

Another innovation is that the lists of countries published by FATF are mentioned in the Commission’s version of the directive itself, which provides that MSs are to periodically endorse and adopt these lists, so as to develop a common approach and common policies against high-risk and non-cooperative jurisdictions with deficiencies in the field of money laundering and terrorist financing. This has however been done away with in the Council’s text, both previous and current, and instead the Commission is given new responsibilities to identify and monitor AML-CFT risks of third countries with strategic deficiencies in this area. Appointing a compliance officer at management level, as well as having an independent audit function depending on the size and nature of the business, are other innovations. When performing identification and verification measures, obliged entities are also required to verify that any person purporting to act on behalf of the customer is so authorised to do so, and are required to identify and verify the identity of that person.

An annex is being included as part of the 4AMLD, displaying a non-exhaustive list of risk variables that obliged entities must consider when determining to what extent to apply CDD measures.

3.3  Simplified and enhanced customer due diligence

Through the 4ALMD, obliged entities would be required to take enhanced measures where risks are greater and may be permitted to take simplified measures where risks are demonstrated to be less serious. The provisions on simplified CDD in the 3AMLD were found to be overly permissive, with certain categories of clients or transactions being given outright exemptions from CDD requirements. The 4AMLD does not make any direct reference as to what constitutes simplified CDD since the approach is geared towards a more risk-based evaluation.

The Commission’s version of the 4AMLD introduced the concepts of ‘Foreign’, ‘Domestic’ and ‘International’ politically exposed persons (“PEPs”). Foreign PEPs are natural persons who are or have been entrusted with prominent public functions by a third country. Domestic PEPs are natural persons who are, or have been, entrusted by the MS with prominent public functions. Persons who are or have been entrusted with a prominent function by an international organisation include directors, deputy directors and members of the board, or any person having an equivalent function in an international organisation. Enhanced CDD was to be required in the case of Foreign PEPs, while when Domestic PEPs and International PEPs are involved, enhanced CDD was only called for in high risk cases. The present position is that in respect of Domestic PEPs normal CDD should be applied, and Enhanced CDD measures should be applied in respect of PEPs residing in another MS or in a third country. The previous and current Presidency compromise text removed these different categories of PEPs, essentially meaning that all PEPs must be treated the same. In the European Parliament’s amendments, PEPs’ family members do not include the children and their spouses or partners, or the PEPs’ parents. This was however re-inserted in the Council’s version. A new provision suggested by the European Parliament stated that the Commission, in cooperation with MSs and international organisations, must draw a list, for information purposes, of Domestic and International PEPs, which shall be accessible by competent authorities and obliged entities, but this has been deleted by the Council.

The 4AMLD contains separate annexes with a non-exhaustive list of factors relating to customer, jurisdiction, product, service, transaction or delivery channel, and types of evidence of potentially lower risk and of potentially higher risk, including types of enhanced CDD measures to be implemented as a minimum. Hence, more guidance to obliged entities in assessing money laundering and terrorist financing risks is provided.

3.4  Information on the beneficial owner

Chapter III (covering beneficial ownership information) of the 4AMLD is the most controversial change so far, thus meriting more analysis. The provisions in this chapter have also been subjected to significant amendments in the afore-mentioned report by Krišjānis Kariņš and Judith Sargentini. New measures are being proposed to provide enhanced clarity and accessibility of beneficial ownership information, as will be discussed below.

The current compromise text proposes that MSs should ensure that companies and other entities having legal personality incorporated within their territory obtain and hold adequate, accurate and current information on their beneficial ownership, including the details of the beneficial interests held.

The text of the European Parliament was so detailed that it even went into the minimum information needed to clearly identify the company and its beneficial owner, as well as the information required with regards to trusts or other types of legal entities and arrangements with a similar structure or function, whether existing or future.

The current compromise text provides that MSs must require that trustees of any express trust governed under their law obtain and hold adequate, accurate and current information on beneficial ownership regarding the trust. The information shall include the identity of the settlor, of the trustee(s), of the protector, if relevant, of the beneficiaries or class of beneficiaries, and of any other natural person exercising effective control over the trust. MSs shall ensure that trustees disclose their status and provide in a timely manner the above information to obliged entities when, as a trustee, the trustee forms a business relationship or carries out an occasional transaction above the stipulated threshold. MSs shall require that that information can be accessed in a timely manner by competent authorities and financial intelligence units (“FIUs”). The same measures shall apply to other types of legal arrangements with a structure or functions similar to trusts. The current compromise text states that MSs are to require that the required information is held in a central register ‘when the trust generates tax consequences’. Such register shall ensure timely and unrestricted access by competent authorities and FIUs, without alerting the parties to the trust concerned. It may also allow timely access by obliged entities when taking CDD measures in terms of Chapter II of the 4AMLD.

According to the current compromise text, the information on beneficial ownership shall be accessible by competent authorities and FIUs of all MSs in a timely manner without restriction (but without alerting the entity concerned), and to obliged entities in the framework of the conduct of CDD according to Chapter II of the 4AMLD. The information should also be accessible to any person or organisation ‘that can demonstrate a legitimate interest’, and these shall access at least the following information on the beneficial owner: name, month and year of birth, nationality, country of residence, and nature and extent of beneficial interest held. The qualification ‘than can demonstrate a legitimate interest’ is unfortunately ambiguous and open to interpretation, and it is hoped that guidelines will be issued. MSs should also be required to take measures to prevent misuse based on bearer shares and bearer share warrants. The information shall be held in a central register in each MS, such as a commercial register, companies register or a public register, available in line with data protection rules and may be subject to online registration and to the payment of a fee which shall not to exceed the administrative costs thereof.

Most probably, in Malta both registers will be maintained by the Malta Financial Services Authority, similar to that already existing with respect to the register of companies.

An amendment to article 29, regulating the retention of beneficial ownership information for legal entities, was made under the previous Presidency compromise text allowing MSs to permit obliged entities to access the beneficial ownership information which would otherwise be retained in the jurisdiction’s specified location or through other appropriate mechanisms. The Council’s approach was to require unrestricted access to stored information for competent authorities, FIUs, and if permitted by the MS, the obliged entity. However, it allowed flexibility for MSs in establishing the means for ensuring this, while giving examples of the varied forms that a storage mechanism can take. The same criteria were made applicable to article 30, regulating the holding of beneficial ownership information for trusts and similar arrangements, as envisaged by the Commission.

With regard to the information to be held for both corporate and legal entities and trusts, MSs shall require that obliged entities do not rely exclusively on the central register to fulfill their CDD obligations as stipulated in the 4AMLD – those obligations shall be fulfilled using a risk-based approach.

During 2014 there was an interesting debate going on, with some MSs arguing against having a public register of ultimate beneficial owners of companies and a public register of trusts. Austria’s concerns still persist in relation to storage of beneficial ownership information. On the mechanism for holding the beneficial ownership information, Austria has shown a strong preference for a central register. With regard to the access to that information, Austria strongly prefers full public access.^[35] In particular, the proposed public register of trusts has not gone down well with trust jurisdictions such as the UK and Malta. It is precisely for this reason that Malta’s MEPs voted against the parliamentary resolution. It is pertinent to note what the UK’s Prime Minister David Cameron wrote on the matter:

Europe must now, through the 4^th Money Laundering Directive…visibly lead global efforts to strengthen transparency of company beneficial ownership…Put simply, a lack of knowledge about who ultimately owns and controls companies facilitates illicit domestic and cross-border money laundering, corruption, tax evasion and other crimes…G8 leaders agreed in June that companies should be required to obtain and hold adequate, accurate and current information on their beneficial ownership. The UK strongly supports this very same commitment in the European Commission’s MLD proposal. And I was pleased that G20 leaders vowed to lead by example in ensuring that the relevant Financial Action Task Force standards in this area are met…I announced…that the UK’s central register of beneficial ownership will be open to the public. I concluded that a publicly accessible registry provides the best outcome for sound corporate behaviour; more effective law and tax enforcement; and for helping authorities, including those in developing countries, prevent misuse of companies for illicit purposes. I believe this will prove a significant step towards breaking through the walls of corporate secrecy. But as I warned this year, illicit finance is a global problem that can only be addressed through collective action. I hope other governments will join the UK in making an even bigger difference by taking swift action on company beneficial ownership. In Europe, our first collective step should be to mandate, through the MLD, the establishment of public central registries of company beneficial ownership as the cutting-edge benchmark for countries and major financial centres to emulate across the world. Central registries will not only enable law enforcement and tax authorities to access, discreetly and at short notice, critical information for cross-border investigations; public scrutiny of this information through public registries will also increase the likelihood of inaccuracies and omissions being identified and rectified…I know some want Europe to go even further to prevent the abuse of trusts and related private legal arrangements. It is clearly important we recognise the important differences between companies and trusts. This means that the solution for addressing the potential misuse of companies – such as central public registries – may well not be appropriate generally.^[36]

Cameron’s plans of action cannot be clearer. In fact, on 15 July 2014, it was reported that the UK Government announced that it was going to fully open up all its digital data, making it available free of charge. The UK will be the first to do so. Denmark publishes most of its information as open data, except for information relating to the accounts and financial statements of companies.

This change will come into effect from the second quarter of 2015 (April – June), and will mean that, as well as the existing basic company information, accounts, information on appointments, charges on assets or mortgages, and all image filings will be free for all users.^[37] As a result, it will be easier for businesses and members of the public to research and scrutinise the activities and ownership of companies and connected individuals. It is a considerable step forward in improving corporate transparency; a key strand of the G8 declaration at the Lough Erne summit in 2013. By making its data easily available and free of charge, Companies House is making the UK a more transparent, efficient and effective place to do business in. This approach is part of the process of transforming government services to make them more efficient and effective for users, with the expectation of boosting the UK economy.^[38]

Since 2010, Global Witness, a London-based non-governmental organisation backed by hedge-fund billionaire George Soros and devoted to fighting corruption in the developing world, has worked with a coalition of non-governmental organisations that lobby political leaders in London, Brussels and Washington to force companies to identify their ultimate beneficial owners. A bipartisan group of United States’ senators is co-sponsoring a bill that would require all fifty states to identify the beneficial owners of ventures incorporated in their jurisdictions.^[39] It is therefore evident that the major world powers are correctly moving in the same direction, and this is applaudable considering the increasing difficulty in fighting money laundering and terrorist financing.

Apparently, all the lobbying in the EU during 2014, particularly as concerns the treatment of trusts, has worked, as evident in the amendments to articles 29 and 30 made in the Council’s current compromise text.

3.5  Third country equivalence

The 4AMLD removes the provisions relating to positive ‘equivalence’, as the CDD regime is becoming more strongly risk-based and the use of exemptions on the grounds of purely geographical factors is less relevant. Nonetheless, the European Parliament, to the section on Performance by Third Parties, added a provision obliging the Commission to provide a list of jurisdictions having AML-CFT measures equivalent to the provisions of the directive and other related rules and regulations of the EU, which list should be regularly reviewed and updated according to information received from MSs. The Council’s text has removed this provision, but included a separate section entitled ‘Third Country Policy’ whereby the Commission is being empowered to adopt delegated acts to identify high-risk third countries with strategic deficiencies in their AML-CFT regime.

Whereas the 3AMLD requires credit and financial institutions to apply, in their branches and majority-owned subsidiaries located in third countries, CDD and record keeping measures at least equivalent to those provided in the directive itself, the 4AMLD goes further, in that the requirement applies to all obliged entities. The obliged entities’ branches or majority-owned subsidiaries located in third countries where the minimum AML-CFT requirements are less strict than those of the MS, are to implement the requirements of the MS, including data protection, to the extent allowable by the third country’s laws and regulations. A drastic measure has been introduced, in that if the additional measures taken by obliged entities where the third country’s legislation does not permit application of the MS’s requirements, are not sufficient, competent authorities in the home country shall exercise additional supervisory actions including requesting the group to close down its operations in the host country.

The Presidency version added a provision to the effect that enhanced CDD need not be resorted to automatically as far as concerns branches and majority-owned subsidiaries of obliged entities established in the EU which are however located in high risk jurisdictions identified by the Commission, if these branches and majority-owned subsidiaries fully comply with the group-wide policies and procedures. Obliged entities should nevertheless deal with such cases using a risk-based approach. The current Presidency version refined this by adding that MSs shall prohibit obliged entities from relying on third parties established in third countries indicated as high risk by the Commission, with the exemption being if these branches and majority-owned subsidiaries fully comply with the group-wide policies and procedures.

3.6  Administrative sanctions

In line with the Commission policy to align administrative sanctions, the 4AMLD has a range of sanctions that MSs should ensure are available for systematic breaches of key requirements of the directive, in particular, CDD, record keeping, suspicious transaction reporting, and internal controls. Competent authorities and obliged entities have reporting obligations in relation to breaches of the national provisions implementing the directive. Benchmarking, linked to turnover or profits, of the administrative pecuniary sanctions that can be applied, is being introduced. With regard to the provisions concerning sanctions, the previous Presidency compromise text provides that MSs can set a maximum level of pecuniary fines of no less than €1 million, or, in the case of breaches involving credit or financial institutions, a maximum level of sanctions of at least €5 million which vary for a legal person or a natural person.

The ‘name and shame’ approach is another innovation – this is one severe sanction that can be applied by issuing a public statement indicating the person and the nature of the breach. However, this can only be applied if this sanction is found to be proportionate to the case at hand, which proportionality should be decided on a case-by-case basis. Moreover, where publication would cause a disproportionate damage to the parties involved, competent authorities may publish the sanctions on an anonymous basis.

3.7  Financial Intelligence Units

The 4AMLD brings in, through the provisions of Council Decision 2000/642/JHA of 17 October 2000, arrangements for cooperation between FIUs of MSs in respect of exchanging information,^[40] and further extends and strengthens cooperation amongst MSs’ FIUs. International FIU co-operation was envisaged in the Commission’s, the European Parliament’s, and the previous compromise text of the Council, but has been removed in the Council’s current compromise text. Cooperation with Europolwas added in the European Parliament’s version. Within established parameters, FIUs shall respond to requests for information by law enforcement authorities, or competent authorities in the Council’s versions, in their MSs. Associated predicate offences (even more mentioned in the Council’s versions) now also fall within the remit of FIUs, apart from potential money laundering and terrorist financing. The scope of the statistics to be compiled by FIUs now gains importance due to the preparation of national risk assessments.

Very interesting is the extension of the categories for which MSs have the possibility to designate an appropriate self-regulatory body of the professions as the authority to be informed in the first instance in place of FIUs, in line with the case law of the European Court of Human Rights. In all circumstances however, MSs shall provide for the means, and manner by which, to achieve the protection of professional secrecy, confidentiality, and privacy.

Even the role of competent authorities has been enhanced, with the inclusion of a list of required standards of their staff.

3.8  European supervisory authorities

The 4AMLD envisages a lot of co-operative work for the ESAs. These are not featured in the 3AMLD. The ESAs are, inter alia, asked to carry out an assessment and provide an opinion on the money laundering and terrorist financing risks facing the EU. They are also tasked with providing regulatory technical standards and guidelines for certain issues where financial institutions have to adapt their internal controls to deal with specific situations.

In the 4AMLD texts of the Commission and the European Parliament, there is no reference to the Committee for the Prevention of Money Laundering and Terrorist Financing, which was set up to assist the Commission, but it has been reproduced again in both versions of the Council’s amendments.

3.9  Data Protection

The 4AMLD gives significant importance to data protection, that is, the need to strike a balance between allowing robust systems, controls and preventative measures against money laundering and terrorist financing on the one hand, and protecting the rights of data subjects on the other. Reference is made to Directive 95/46/EC.^[41]

With regard to the extension period of CDD record-keeping, the maximum retention period suggested by the European Parliament was done away with, while that of the Commission, which was 10 years, was changed by the Council’s previous compromise text to ‘shall not exceed the limitation period provided for in their national law and, in any case, 15 years’. The Council’s current compromise text provides for 5 years. Upon the expiration of this period, personal data shall be deleted unless otherwise provided for by national law, which shall determine under which circumstances obliged entities may or shall further retain data. MSs may allow or require further retention (which must not exceed 5 additional years) after carrying out a thorough assessment of the necessity and proportionality of such extension and if necessary for the prevention, detection, or investigation of money laundering and terrorist financing.

4. The Way Forward

Transparency International, the global civil society organisation leading the fight against corruption, welcomed all the developments so far in relation to the 4AMLD.^[42] It is now just a question of when the 4AMLD is finally adopted and with what actual provisions from the numerous changes seen above, and how it will eventually be transposed into the Laws of Malta. It will be interesting to see what changes would be made to the Maltese legislation on the subject, although there is still a long way to go before such changes can indeed be implemented. The transposition period for MSs is of two years. Nonetheless, all subject persons should, in advance, prepare themselves as soon as is reasonably practicable, generally by aiming at having their internal policies and procedures ready for the major changes to be triggered by the 4AMLD.