Key changes to obliged entities’ obligations
In many respects, the main obligations under the AML Regulation reflect the requirements under the existing regime but in the form of a regulation. However, there are a number of areas where the requirements are more prescriptive. For example, there is more detail on the matters to be covered in policies, procedures and controls and on the role of the persons who are responsible for compliance with the AML Regulation.
In a number of areas, such as reliance on third parties, policies and procedures and politically exposed persons, there will also be new guidance provided by AMLA which will add additional requirements for firms.
Some of the detail is also expected to be included in Regulatory Technical Standards (RTS) but these are generally not due to be finalised until at least 2026.
Therefore, although firms may already be complying with many of the requirements under the AML Regulation, they will need to consider the measures that they have in place carefully in light of the new rules, including the forthcoming AMLA guidance and RTS, to see whether any changes or additions are required.
There are also some other, more concrete, changes. These include:
- Obliged entities: Additional obliged entities including crypto-asset service providers and central securities depositaries.
- Policies: Requirement to have in place policies and procedures to mitigate and manage the risk of sanctions breaches.
- CDD: New, additional circumstances in which obliged entities must apply customer due diligence (CDD) including when participating in the creation of a legal entity or setting up an express trust (or equivalent) and when there are doubts about whether the person with whom they interact is the customer or its authorised agent. The threshold for carrying out CDD in the case of an occasional transaction has been reduced to EUR 10,000 (from EUR 15,000) with a lower limit applying in certain specific cases such as payments in cash.
- CDD measures: Additional mandatory CDD measures including seeking information on the nature of the customer’s business and sanctions checks. Also new lists of specific information to be collected on customers and beneficial owners. Some of these requirements were previously only mandated where firms were carrying out enhanced due diligence. AMLA is also to produce draft RTS on the information needed to perform CDD.
- Collective investment undertakings: Clarification that where both a fund and its fund manager fall within the scope of the requirements under the AML Regulation, the measures taken should reflect the allocation of tasks between those entities. This is only included in a recital and therefore its impact in practice is currently unclear. New rules on identifying the beneficial owners of collective investment undertakings also apply (broadly natural persons with holdings of 25% or more of the units, the ability to influence the investment policy or control by other means).
- Enhanced due diligence: Additional enhanced due diligence measures to be applied to high-risk business relationships which involve the handling of assets with a value of at least EUR 5,000,000 for certain customers with assets over EUR 50,000,000. This is largely aimed at personalised asset management services. Also a broader definition of politically exposed persons including heads of regional and local authorities.
- Beneficial Ownership: Possible tweak to the 25% ownership threshold for beneficial ownership. The AML Regulation refers to “ownership of 25% or more” whereas MLD IV refers to holdings of more than 25% suggesting that holdings of exactly 25% would now be caught. Firms may therefore need to revisit their beneficial ownership analysis. In certain high-risk cases, the European Commission has the power to set a lower threshold.
- Beneficial Ownership and control: Specific situations which can be considered “control” for the purposes of beneficial ownership such as the right to exercise relevant veto or decision rights or take decisions regarding the distribution of profits or a shift in assets. Again, firms may need to revisit their beneficial ownership analysis if these situations had not previously been considered.
- Expertise and integrity: Persons (such as employees, agents and distributors) “directly participating in the obliged entity’s compliance” with the AML regulation must be assessed as having appropriate skills, knowledge and expertise to carry out their functions effectively. The assessment will also consider their honesty and integrity and whether they are of good repute. This has the potential to be a significant obligation for firms – particularly those which may not be subject to suitability requirements in sectoral legislation, such as certain Annex I firms.
- Outsourcing: New requirements in respect of outsourcing of obligations under the AML Regulation to service providers including a list of functions (such as approval of policies) which cannot be outsourced under any circumstances.