On 20 July 2021, the European Commission published a package of legislative proposals designed to strengthen the EU’s anti-money laundering and countering the financing of terrorism (AML/CFT) rules. The legislative package consists of a:

  • Regulation establishing a new EU AML/CFT Authority. In the financial sector, this new European Authority directly supervise financial sector entities that are exposed to the highest risk of money laundering and terrorist financing. The new Authority will also play a vital role in improving the exchange of information and cooperation between financial intelligence units (FIUs). The Authority will serve as a support and coordination hub assisting their work on, inter alia, joint analyses of suspicious transaction reports and suspicious activity reports with significant cross-border footprint, and providing stable hosting of the FIU.net platform.
  • Regulation on AML/CFT, containing directly-applicable rules, including in the areas of customer due diligence and beneficial ownership. The Regulation does not simply transfer provisions from the existing AML/CFT Directive but makes a number of changes of substance:
    • In order to mitigate new and emerging risks, the list of obliged entities is expanded to include crypto-asset service providers but also other sectors such as crowdfunding platforms and migration operators
    • To ensure consistent application of rules across the internal market, requirements in relation to internal policies, controls and procedures are clarified, including in the case of groups, and customer due diligence measures are made more granular, with clearer requirements according to the risk level of the customer
    • The requirements in relation to third countries are reviewed to ensure that enhanced due diligence measures are applied to those countries that pose a threat to the EU’s financial system
    • Requirements in relation to politically exposed persons are subject to minor clarifications, particularly as regards the definition of a politically exposed person
    • Beneficial ownership requirements are streamlined to ensure an adequate level of transparency across the EU, and new requirements are introduced in relation to nominees and foreign entities to mitigate risks that criminals hide behind intermediate levels
    • To guide more clearly the reporting of suspicious transactions, red flags raising suspicion are clarified, whereas disclosure requirements and private-to-private sharing of information remain unaltered
    • In order to ensure full consistency with EU data protection rules, requirements for the processing of certain categories of personal data are introduced and a shorter time limit is provided for retention of personal data
    • The measures to mitigate the misuse of bearer instruments are strengthened and a provision limiting the use of cash for large transactions is inserted in light of the proven low effect of the current approach relying on traders in goods for implementing AML/CFT requirements in relation to large cash payments
  • Sixth Directive on AML/CFT (AMLD6), replacing Directive 2015/849/EU (the fourth AML Directive as amended by the fifth AML Directive). The Directive does not simply transfer provisions from the current AML/CFT Directive into a new Directive. A number of changes are made in order to bring about a greater level of convergence in the practices of supervisors and FIUs and in relation to cooperation among Member State competent authorities:
    • To avoid that the administrative set-up of FIUs impacts their analytical functions nor their capacity to cooperate with their counterparts, their powers and tasks are clarified, as well as the minimum set of information that FIUs should be able to access
    • To ensure that FIUs are effectively able to cooperate, a framework for joint analyses is laid down. A legal basis for the FIU.net system is also provided
    • In order to inform the risk understanding of obliged entities, clear rules on feedback by FIUs are laid down. Similarly, clear rules on feedback to FIUs are provided for to ensure that FIUs are aware of the use made of the financial intelligence they provide
    • The powers and tasks of supervisors are clarified to ensure that all supervisors have the instruments to take adequate remedial actions. The duty of oversight by a public authority on self-regulatory bodies that act as supervisors is introduced, with clear tasks defined for this public authority
    • The approach to risk-based supervision is harmonised through a common risk categorisation tool in order to avoid divergent risk understanding in comparable situations
    • In order to improve cooperation among supervisors, AML/CFT colleges are set up, and mechanisms are put in place to ensure supervisory cooperation in relation to operators that provide services across borders
    • Cooperation with other authorities is clarified by providing for specific cases in which a duty to cooperate arises in order to avoid inefficiencies due to sylos approaches
    • The powers of the registers of beneficial ownership are clarified to make sure that they can obtain up-to-date, adequate and accurate information
    • To remedy the current shortcoming in legislation, an interconnection of the bank account registers is provided for
  • Revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets. The Regulation revises Regulation 2015/847/EU on information accompanying transfers of funds, making it possible to trace transfers of cryptoassets and limit large cash payments.