On 19 June 2024, the European Union published its revised anti-money laundering (AML) regime in the Official Journal, which has introduced significant changes for financial services firms and other obligated entities. This is of importance for UK-based entities with EU operations or plans to expand into the EU, as they must understand these changes to ensure compliance. This article will run through the new AML framework and summarises what the key changes are and how this will impact firms. Notably, the establishment of a Pan-European AML regulatory body, the broadened scope of obliged entities and new requirements related to customer due diligence.
AML Regulation and the new AML Directive
The cornerstone of the new AML framework is Regulation (EU) 2024/1624 (‘AML Regulation’), which outlines the high-level obligations for “obliged entities”. This group of ‘obliged entities’ includes EU financial services firms and certain non-authorised entities. While the core principles are familiar from previous directives – primarily the Fourth Money Laundering Directive (AMLD4) and its amendment by the Fifth Money Laundering Directive (AMLD5) – this is the first time these rules have been consolidated into a regulation, aiming to harmonise the AML approach across the EU.
The AML Regulation introduces new requirements and enhancements that entities must consider. For instance, policies, procedures and controls are now more prescriptive, with detailed expectations on compliance roles and responsibilities. Additionally, AMLD4 will be replaced by Directive (EU) 2024/1640 (AMLD6), which focuses on supervisors and Financial Intelligence Units, especially regarding beneficial ownership registers. As a reminder, regulations are directly binding to every member state, while directives set goals for member states to achieve through their own laws.
The AML Regulation and AMLD6 are set to take effect for the most part from July 10, 2027.
Impact on UK entities
Although the AML Regulation targets EU-based entities, UK entities operating in the UK and the EU must navigate and comply with two separate regulatory regimes. This dual compliance burden can increase complexity and the risk of non-compliance. UK firms with EU operations or expansion plans must align their AML policies and procedures with the new rules to avoid regulatory and operational challenges.
New EU-wide supervisory authority
The EU is establishing a new regulatory body for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), established under Regulation (EU) 2024/1620. AMLA will issue guidance, supervise AML/CFT across the EU, and support EU Financial Intelligence Units. AMLA, headquartered in Frankfurt, will start operations in the summer of 2025. Impacted firms must stay updated on AMLA’s guidance and upcoming Regulatory Technical Standards (RTS), expected by 2026.
Key changes and requirements
Several new and enhanced requirements under the AML Regulation are noteworthy:
- Obliged entities: The regulation has expanded the scope of firms seen as obliged entities and includes additional entities, notably crypto-asset service providers (CASPs), crowdfunding platforms and central securities depositories.
- Customer due diligence (CDD): Additional information specifies which clients require ID verification and outlines the specific details to be collected and verified during CDD and remote onboarding processes. This encompasses requirements for individuals, entities, trusts, and other organisations. In addition, to ensure that the risks of non-implementation or evasion of targeted financial sanctions are appropriately mitigated, obliged entities are now explicitly required to verify whether the customer and/or the beneficial owners are subject to targeted financial sanctions AMLA is mandated to issue comprehensive guidance on data collection procedures soon.
- Enhanced due diligence (EDD): High-risk relationships, particularly those involving large asset values, require additional due diligence measures. Furthermore, CASPs will need to perform EDD on specific transactions linked to cross-border correspondent relationships. The definition of politically exposed persons has also been broadened.
- Beneficial ownership and control: The regulation outlines specific situations that qualify as “control” for determining beneficial ownership, such as having the right to veto or make key decisions regarding profit distribution or asset shifts. Firms may need to reassess how they determine beneficial ownership if these factors were not previously accounted for.
- Expertise and integrity: Employees involved in AML compliance must possess the appropriate skills, knowledge, integrity, and have a good reputation. In addition, firms are required to have a whistleblowing service to protect employees and senior management who report breaches of regulations.
- Outsourcing: New restrictions on outsourcing AML obligations apply, with specific functions explicitly prohibited from being outsourced.
- The AML Regulation aims to eliminate anonymity: Anonymous crypto-asset wallets, prepaid cards issued in third countries, passbooks, safe deposit boxes, and accounts are prohibited. CDD must be applied to existing anonymous vehicles. Unlisted companies cannot issue bearer shares, and existing bearer shares must be converted to registered shares, with only intermediated bearer share warrants allowed. Additionally, a €10,000 limit on cash payments for trade in goods is proposed, banning transactions above this amount, with member states allowed to set a lower limit.
Conclusion
The EU’s revised AML regime introduces significant changes affecting UK entities with EU ties. By understanding and preparing for these new requirements, UK firms can ensure compliance and continue thriving in the European market. Staying informed and reactive in response to regulatory developments at AMLA is essential for maintaining seamless operations and avoiding regulatory challenges.
