Retrospective: 5th EU Money Laundering Directive
2 years after the 5th EU Money Laundering Directive (5MLD) was passed and months after it went into force, we analyze where things stand today.
The 5th EU Money Laundering Directive (5MLD) is the most recent major step the European Union has taken to address illicit funds flowing through the global financial system and improve customer due diligence and anti-money laundering efforts. Ratified on July 9, 2018, and put into force January 10, 2020, the 5MLD seeks to update existing AML policies as a result of the changing landscape of financial crime as well as recent, public financial crime exposés, such as the Panama Papers.
The 5MLD seeks to enhance the current 4MLD policies by requiring member states to take the following actions:
- Create and maintain beneficial ownership registries to improve transparency in companies and trusts,
- Publicize ultimate beneficial ownership registries to financial intelligence units (FIUs), banks, law firms, and other competent authorities,
- Validate UBO registries and share UBO information between member states,
- Lift anonymity of prepaid cards and other electronic money products,
- Extend AML and CFT policies to cryptocurrencies,
- Enhance the identification and screening of high-risk countries,
- Create centralized bank account registers,
- Enhance cooperation between member state FIUs as well as other supervisory authorities.
These can be summarized into 3 categories:
- Improvements in Ultimate Beneficial Ownership registries and access to these revenues by competent authorities,
- Improvements in cooperation between FIUs, member states, and supervisory authorities,
- Addition of virtual currencies and cryptocurrencies to existing AML/CFT policies.
Ultimate Beneficial Ownership (UBO) Registries
Identifying clear ownership and corporate structure information has been a key part of the FATF 40 Recommendations since its initial recommendations in 2003. The need for identifying UBO has only grown over the last decade due to numerous cases of individuals and entities hiding funds or illicit activities through complex corporate structures:
- In 2014, the Russian energy conglomerate Gazprom was sanctioned by the US government due to the Russian annexation of Crimea. With over 200 subsidiaries, it has been very difficult for financial institutions to identify which clients may be tied to this or other sanctioned entities.
- The 2016 Panama Papers leak identified over 200,000 companies that had used the Panamanian law firm, Mossack Fonseca, to obscure corporate structures and ownership.
Historically, identification of UBO and corporate structure information has been left up to the financial institution. Many rely on bespoke enhanced due diligence reports or private corporate registries (such as Dun&Bradstreet or Bureau van Dijk). These solutions are often expensive, incomplete, and unverified.
It is due to these challenges that the European Union has compelled its member states to implement UBO registries and make those registries either completely public or open to competent authorities, financial institutions, and designated non-financial businesses and professions (DNFBPs) to perform proper due diligence on the corporate executives as well as any shareholder with 25% of more direct or indirect ownership.
Improvements in Cooperation
While the EU functions as a single market in many ways, each country implements its own laws based on directives from the European Parliament. This approach allows countries to create laws and regulations to fit the needs of their population but has the effect of leaving open many loopholes that can be used to circumvent individual state regulations. Free movement through the Union coupled with inconsistent regulations and enforcement enables criminal enterprises to game the system to avoid detection. The European Union, therefore, is looking to implement more granular guidance in future regulations to minimize those loopholes.
On July 10, 2020, the EU released an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing. The plan reiterates many of the challenges facing the EU in its current approach to AML: member states implement the details of the directives differently when transposing the regulations into law.
The 5th MLD and the recent Action Plan both encourage Financial Intelligence Units (FIUs) across the Union to implement unified technology and tools to share information across borders more quickly and efficiently.
Virtual Currencies, Cryptocurrencies, and VASP
Most of the public attention around the 5th MLD has focused on the implementation of existing policies to emerging financial technologies, including virtual currencies, cryptocurrencies, and virtual asset service providers (VASPs), such as exchanges and miners. Changes to the EU regulations have aligned with similar recommendations and requirements from the FATF and FinCEN.
The aim of these changes has been to align existing AML and CDD policies with new, emerging, and future technologies, ensuring the same requirements for these technologies as for currently regulated financial institutions and FinTechs.
While there has been widespread attention and adoption of screening policies related to virtual currencies and cryptocurrencies, a number of EU states have fallen short of compliance with many other aspects of the 5MLD, which was required as of January 10, 2020. In the infringement notice released May 20, 2020, the EU Commission identified a number of countries within the Union that have not yet complied with the full 5MLD. These include Belgium, Czechia, Estonia, Ireland, Greece, Luxembourg, Austria, Poland, and the UK. This is in addition to members who were already notified of deficiencies, which include Cyprus, Hungary, the Netherlands, Portugal, Romania, Slovakia, Slovenia, and Spain.
Seven months after it went into force, 60% of EU member states are still non-compliant with the 5th Money Laundering Directive. The failure of these states to properly implement the 5MLD complicates compliance for global institutions as well as making it more difficult for them to implement proper controls regarding UBO and cryptocurrency. As the EU moves toward a more collaborative, unified approach to KYC and CDD, loopholes should hopefully be closed, resulting in a reduction of financial crime and terrorist financing.