The new EU AML/CFT Package

• The policies, controls and procedures that Subject Persons should have in place. The Regulation also states that those policies, controls and procedures should be proportionate to the nature and size of the Subject Person.

• The Regulation stipulates that Subject Persons should have a Compliance Manager (to ensure compliance with the Regulation) as well as a Compliance Officer (responsible for the day-to-day operation of the Subject Person’s AML/CFT policies), however, where the size of the Subject Person justifies it, the same natural person may perform the functions.

• By two years after the Regulation enters into force, AMLA shall issue guidelines on the elements that Subject Persons should consider when deciding on the extent of their internal policies, controls and procedures.

• By two years from the entry into force of the Regulation, AMLA shall develop draft regulatory technical standards (which shall indicate the minimum requirements of group-wide policies amongst other things) and submit them to the Commission for adoption.

By virtue of the Package, all rules currently enshrined within Directive (EU) 2015/849 pertaining to the private sector are being transferred to the AMLR.

The AMLR serves to include a variety of new sectors within the already-existing definition of “obliged entities” or Subject Persons as per the local legal framework. This will now include, amongst others, professional football clubs and their agents, individuals involved in the trade of luxurious products, as well as crypto-asset service providers. One of the key elements of the AMLR is the clarification of the reporting requirements to be followed by obliged entities.

To this end, a €10,000 cash payment threshold is being set, whilst the AMLR will also require these entities to identify and verify the identity of any natural person carrying out transactions constituting over €3,000 in cash. Moreover, the AMLR also clarifies that these thresholds do not preclude obliged entities from conducting all necessary CDD measures and reporting the same to the relevant Financial Intelligence Unit (“FIU”) should any suspicions of ML/TF subsist.

Subject Persons must now also report any and all suspicious transactions, including those resulting from an inability to conduct CDD, either of their own accord or following a request for information from the relevant FIU. In such instances, replies to requests for information made by the FIU are to be made within five days, whilst in certain urgent instances, the FIU enjoys the discretion to shorten the above-mentioned time frame to less than 24 hours, should necessity dictate as such. 

Two years following the entry into force of the AMLR, it is expected that AMLA will draft implementing technical standards regarding the format to be utilised for reporting purposes in the above-mentioned scenarios, to be submitted to the European Commission for its consideration and eventual adoption.

It is important to note that these requirements do not apply to lawyers, notaries, other independent legal professionals, auditors, external accountants, and tax advisors.

The Package also sees the establishment of AMLA. This new Authority will be set up in Frankfurt, Germany and will primarily serve a direct supervisory function to 40 high-risk financial entities operating on a cross-border basis, whilst also indirectly supervising other entities, irrespective of whether or not they form part of the financial sector.

AMLA will also be heavily involved in the coordination of FIUs’ activities, in terms of the facilitation of communication and information exchange between respective units, contributing to the analysis of cross-border cases, as well as maintaining the FIU.net information database. Moreover, AMLA is also expected to draft regulatory and implementing technical standards and issue its own sets of guidelines, to be considered together with existing EU AML/CFT rules and legislation.