THE FORTHCOMING EU 4th ANTI MONEY LAUNDERING DIRECTIVE AND THE SUPERVISION OF PAYMENT INSTITUTIONS (ENCYCLOPEDIA)
The EU 4th Money Laundering Directive will come into place in 2015 to improve transparency, information and effectively fight against financial crimes; the legal instruments employed to achieve greater financial stability are the Directive on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, and the Regulation on information accompanying transfers of funds to secure ‘due traceability’ of these transfers. In this new regulatory framework, supervision of payment institutions represents one of the most important issues.
1. The forthcoming EU 4th Money Laundering Directive (AMLD): the regulatory framework and the new fundamental rules.
With the forthcoming EU 4th Money Laundering Directive (AMLD) the European Union is now putting in place a framework which focuses on greater effectiveness and improved transparency in order to make it harder for criminals to abuse the financial system, for example enhancing beneficial ownership transparency introducing new investigative tools.
Significant progress has been achieved on the review package which, as know, consists of two legal instruments: a new Directive on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing and a Regulation on information accompanying transfers of funds to secure ‘due traceability’ of these transfers.
These proposals take into account the 2012 Recommendations of the Financial Action Task Force (FATF), and go further to promote the highest standards for anti-money laundering and counter terrorism financing.
The proposal for a Fourth Directive implementing the FATF Recommendations has been the subject of intense negotiations in the Council and the European Parliament for nearly two years. The Italian Presidency of the EU Council reached December 16, 2014 an agreement with the European Parliament on the Fourth Money Laundering Directive and the Regulation on funds transfers. At the moment, at the request from France, in light of the recent events, it needs more time to scrutinise the text on terrorist financing. However this does not affect the agreed texts and it does not have any consequences for the procedural steps to follow.
The new regulatory framework welcomes the risk-based approach: it acknowledges that the levels and types of action required to be taken by member States, supervisors and firms will differ according to the nature and severity of risks in particular jurisdictions and sectors, clarifying the types of situations in which simplified customer due diligence will be appropriate, as well as those situations where it is necessary for firms to conduct enhanced checks.
We have new rules concerning the extended definition of politically exposed persons – PEPs (here is clarified that enhanced due diligence will always be appropriate where transactions involve politically exposed persons), inclusion of tax crimes as predicate offences, national and Europe-wide risk assessments, reinforcement of sanctioning powers and requirements to co-ordinate cross-border action, lower exemptions for one-off transactions and expansion of the perimeter, new requirements on beneficial ownership information, to increase transparency by requiring companies and trusts to hold information on their beneficial ownership, and to make this information available to supervisors and parties conducting due diligence on them.
2. The problem of supervision of payment institutions that operate across borders by agents.
In this new regulatory framework, we have the problem of supervision of payment institutions that operate across borders by agents. In fact most Member States result host some agents operating on a European passport under the EU Payment System Directive (PSD); a large number of Member States act as the home regulator for cross border Payment Institutions.
Risks associated with the Money Transfer sector, especially operating through agents, are considered very high.
For example, in Italy money laundering and financing terrorism risks associated with the Money Transfer sector are considered very high, due also to the size of the Italian money remittance market: amongst the EU countries, the Italian market is the second biggest one in terms of money remittance flows directed abroad (eur 7,39 mld in the 2011). In 2011 the market share of the Money remitters based in another EU country operating in Italy through very extensive networks of agents was equal to 55%.
In this framework, various criminal investigations found out that the money transfer networks are misused for money laundering purposes or for terrorist financing purposes by criminal organizations. Italy is conducting a specific risk assessment of the payment services sector in the broader works undertaken to draft the Italian National Risk Assessment.
In Portugal, PS agents, whenever they are not financial institutions, are considered as presenting an inherent ML/FT high-risk. This is the case due to their absence of control mechanisms in terms of the prevention of AML/CFT on the overwhelming number of agents operating in these conditions (gas stations, subway stations, supermarkets).
According to FATF’s new Recommendation 14 on money or value transfer services providers, MVTS providers should be required to be licensed or registered. MVTS providers should be subject to monitoring for AML/CFT compliance. Agents for MVTS providers should be required to be licensed or registered by a competent authority, or the MVTS provider should be required to maintain a current list of its agents accessible by competent authorities in the countries in which the MVTS provider and its agents operate. According to para. 14.5, MVTS providers that use agents should be required to include them in their AML/CFT programmes and monitor them for compliance with these programmes.
Agents pursuing their activities on the basis of PSD Article 25, regarding the exercise of the right of establishment and freedom to provide services. According to this rule, any authorised payment institution wishing to provide payment services for the first time in a Member State other than its home Member State, in exercise of the right of establishment or the freedom to provide services, shall so inform the competent authorities in its home Member State. Within one month of receiving that information, the competent authorities of the home Member State shall inform the competent authorities of the host Member State of the name and address of the payment institution, the names of those responsible for the management of the branch, its organisational structure and of the kind of payment services it intends to provide in the territory of the host Member State. In order to carry out the controls in respect of the agent, branch or entity to which activities are outsourced of a payment institution located in the territory of another Member State, the competent authorities of the home Member State shall cooperate with the competent authorities of the host Member State. The competent authorities of the home Member State shall notify the competent authorities of the host Member State whenever they intend to carry out an on-site inspection in the territory of the latter. However, if they so wish, the competent authorities of the home Member State may delegate to the competent authorities of the host Member State the task of carrying out on-site inspections of the institution concerned. The competent authorities shall provide each other with all essential and/or relevant information, in particular in the case of infringements or suspected infringements by an agent, a branch or an entity to which activities are outsourced. In this regard, the competent authorities shall communicate, upon request, all relevant information and, on their own initiative, all essential information.
3. The requirement of Central Contact Points in some European national legislations.
In EU Member States, there have been reported some cases of countries where the requirement of a central contact point has been set up by their national legislation.
In Italy, the reference to CCPs has been included in Article 42 of the Legislative Decree 231/2007 (Italian AML law) after its recent amendment by the Legislative Decree 164/2012. According to para. 3, the STR (suspicious transaction report) shall be submitted to the Financial Intelligence Unit by the agents of the PIs directly or through the CCP created in Italy by the EU EMI or PI. The creation of the Contact Point is mandatory in case of plurality of agents.
Payment institutions agents operating in Italy are subject to the Italian AML regulations; so they are obliged to comply also with the Italian Customer Due Diligence and record keeping requirements. At the moment, the Italian law provides a role for the central contact point (CCP) only in relation with the STRs. But, in their understanding, payment institutions are very likely to assign to the central contact point also coordination and supervisory role with regard to the other pieces of the AML obligations applicable to the agents operating in Italy.
In Belgium, Belgian AML law applies to payment institutions/electronic money institutions "providing payment services in Belgium through a person established there and representing the institution to this end". PIs/EMIs with such an establishment in Belgium are subject to all the provisions of the Belgian AML law, including article 18 which provides that the obliged entities "shall assign responsibility for the implementation of this Law to one or more persons within their institution or profession. These persons shall primarily be responsible for implementing the policies and procedures referred to in Articles 16 and 17, as well as for examining the written reports drawn up in accordance with Article 14, § 2, second subparagraph , in order that appropriate action may be taken, where necessary, in accordance with Articles 23 to 28. [...] In the cases referred to in Article 2, § 1, 4ter, c) and 4quater, e) [i.e. in the case of PIs /EMIs providing payment services in Belgium through a person established there and representing the institution to this end] a person responsible for the implementation of this Law should be established in Belgium". This person responsible for the implementation by the EEA PIs/EMIs of the Belgian AML law is the Belgian CCP, even if the Belgian Legislation doesn’t make use of that expression. Belgian AML law applies to all PIs/EMIs providing payment services in Belgium "through a person established there and representing the institution to this end". The wording "through a person established there and representing the institution to this end" is meant to capture any form of establishment in Belgium (other than branches, already mentioned in another subparagraph), provided the establishment has the power to represent the PI/EMI.
Functions of the CCP result from Article 18 of the Belgian AML law. The main functions of an officer responsible for preventing money-laundering and the financing of terrorism –and hence of a Belgian CCP– consist in: examining the written reports relating to atypical transactions which are communicated to it and drawn up in accordance with Article 14, § 2, second subparagraph of the Law; deciding if such atypical transactions are suspicious and in filing, if this is the case, a suspicious transaction report to the Belgian FIU (CTIF-CFI) in accordance with Articles 23 to 28 of the Law; implementing the policies and procedures referred to in Articles 16 and 17. This includes the implementation of the internal measures and control procedures set out by the PI/EME in order to ensure compliance with Belgian AML law, the implementation of the group AML policy and the implementation of the measures taken by the EME/PI to train their representatives in terms of AML obligations.
In Spain, according to the Spanish legislation, if an EU payment/e-money institution designates more than one agent in Spain for the provision of payment services, the agents would constitute a network of agents. In accordance with Articles 4.2 and 10.4 of Royal Decree 712/2010, Banco de Espana shall hold a register of persons responsible for the network of agents, and its establishment will be subject to the same procedure established in regard to branches of EU payment institutions. That means it is necessary for the PIs/EMIs to designate and communicate to Banco de Espana both a person in charge of the agents’ network and contact address in Spain. The provisions above are included in the template of communication that Bank of Spain sends to the PI, once it has received notice from the Home Supervisor.
The legislation does not explicitly mention a "central contact point", but since the agents’ network are considered similar to a branch, a central contact point is therefore a mandatory requirement. Furthermore, according to the regulation, agents of foreign PI must, in the exercise of their activity in Spain, observe the same rules of law that the agents of any Spanish PI must observe.
In Portugal, the draft rule through which the Portuguese Supervisory Authority intend to implement the requirement of the Central Contact Point for payment institutions is an Aviso do Banco de Portugal. A preliminary version was published in March 2013. In a more up-to-date version of the Article 7 of the draft Aviso do Banco de Portugal, which regulates the agents of foreign Payment Institutions or e-money institutions, according to its third paragraph, in order to facilitate the exercise of AML/CFT supervision and improve compliance with the related regulation, EU payment or e-money institutions must promote the creation in Portugal of a Central Contact Point, whenever they operate in Portugal through one or more agent or third party with operational functions.
The appointment must be done before providing such activities in Portugal through one or more agent/third party with operational functions. This central contact point must also be ensured by a natural or legal person who has a physical structure permanently adequate to meet the functions and who must be any of the financial institutions identified in Article 3 (among them, credit institutions or payment institutions, including branches of foreign ones) or act as an agent on a local or foreign PI or EMI.
4. The new 4th AMLD and PSD 2 rules.
In this context, now we are facing the new 4th AML Directive and PSD 2 rules. According to Recital (37a) of the new 4th AML Directive, where Member States decide to require issuers of electronic money and payment service providers established on their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point in their territory, they may require that such a central contact point, acting on behalf of the appointing institution, ensures the establishments’ compliance with AML/CFT rules. They should also ensure that this requirement is proportionate and does not go beyond what is necessary to achieve the aim of ensuring the compliance with AML/CFT rules, including by facilitating the respective supervision.
According to Recital (38b) of the new 4th AML Directive, where an obliged entity operates establishments in another Member State, including through a network of agents or persons distributing electronic money according to Article 3 (4) of Directive 2009/110/EC, the host country’s competent authority retains responsibility for enforcing the establishment’s compliance with AML/CTF requirements, including, where apropriate, by carrying out onsite inspections and offsite monitoring and by taking appropriate and proportional measures to address serious infringements of these requirements. The host country’s competent authority should cooperate closely with the home country’s competent authority and inform the home country’s competent authority of any issues that could affect their assessment of the obliged entity’s application of group AML/CTF policies and processes. In order to remove serious infringements of AML/CFT rules that require immediate remedies, the host country’s competent authority may be empowered to apply appropriate and proportionate temporary remedial measures, applicable under similar circumstances to obliged entities under their competence, to address such serious failings, where appropriate, with the assistance of, or in cooperation with the home country’s competent authority.
According to Article 42, para. 8, of the new 4th AML Directive Member States may require issuers of electronic money as defined by Directive 2009/110/EC and payment service providers as defined by Directive 2007/64/EC established on their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point in their territory to ensure on behalf of the appointing institution compliance with AML/CFT rules and to facilitate supervision by competent authorities, including by providing competent authorities with documents and information on request.
According to Article 42, para. 9, of the new 4th AML Directive the ESAs shall develop draft regulatory technical standards on the criteria for determining the circumstances when the appointment of a central contact point pursuant to paragraph 8 is appropriate, and what the functions of the central contact points should be. The ESAs shall submit those draft regulatory technical standards to the Commission two years after the date of entry into force of the Directive. According to Article 42, para. 10, power is delegated to the Commission to adopt the regulatory technical standards referred to in paragraph 9 in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010, of Regulation (EU) No 1094/2010 and of Regulation (EU) No 1095/2010.
According to Article 45, para. 4, of the new 4th AML Directive Member States shall ensure that competent authorities of the Member State in which the obliged entity operates establishments supervise that these establishments respect the national provisions of that Member State pertaining to this Directive. In the case of the establishments referred to in Article 42(8), such supervision may include the taking of appropriate and proportionate measures to address serious failings that require immediate remedies. These measures shall be temporary and be terminated when the failings identified are addressed, including, with the assistance of or in cooperation with the home country’s competent authorities, in accordance with Article 42(1a) of this Directive.
According to Article 45, para 5, of the new 4th AML Directive Member States shall ensure that the competent authorities of the Member State in which the obliged entity operates establishments shall cooperate with the competent authorities of the Member State in which the obliged entity has its head office, to ensure effective supervision of the requirements of this Directive.
Also according new PDS 2, at Recital (31a), member States may decide to require that payment institutions operating on their territory under the right of establishment, and whose head office is situated in another Member State, appoint a central contact point in their territory, in order to facilitate the supervision of networks of agents and compliance with Title III and Title IV of this Directive. The EBA will develop draft regulatory standards setting out the criteria to determine when the appointment of a central contact point is appropriate and what its functions should be.
In this sense, Article 26a, para. 5, 6 and 7, of new PSD 2, regarding supervision of payment institutions exercising the right of establishment and freedom to provide services, Member States may require payment institutions operating on their territory through agents under the right of establishment, and whose head office is situated in another Member State, to appoint a central contact point in their territory to ensure adequate communication and information reporting on compliance with Titles III and IV, without prejudice to any provisions on anti-money laundering and countering terrorist financing provisions and to facilitate supervision by home and host competent authorities, including by providing competent authorities with documents and information on request. EBA shall develop draft regulatory technical standards setting out criteria for determining the circumstances when the appointment of a central contact point pursuant to paragraph 5 above is appropriate, and what the functions of central contact points should be. EBA shall submit these draft regulatory technical standards to the Commission within one year of the date of entry into force of this Directive. Power is delegated to the Commission to adopt the regulatory technical standards referred to in paragraph 6 in accordance with the procedure laid down in Articles 10 to 14 of Regulation (EU) No 1093/2010.
5. Some problems arising from the application of the new rules in EU Member States.
From this new system of rules derive various problems related to the supervision of the money services agents.
Now a first issue concerns how and whether Article 25, para. 3, of the PSD could be implemented in some uniform way so as to allow Home supervisors to delegate Anti Money Laundering/Countering Terrorist Financing (AML-CFT) inspections of PS agents work to Host supervisors.
A second, but not secondary issue concerns which jurisdiction’s (home or host) AML-CFT law should apply when such delegated inspections took place.
When will enter a regime the opportunity to request payment service providers as defined by Directive 2007/64/EC established on their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point in their territory to ensure on behalf of the appointing institution compliance with AML/CFT rules and to facilitate supervision by competent authorities, we will run the serious risk of an asymmetric supervision of agents.
In my opinion, instead we would need – just to avoid reduced competition between the laws of the Member States in the implementation of the new EU Directives – as fast as possible harmonization of procedures for the supervision of payment institutions by agents.
We need a common approach to the regulation of cross border PS agents within Europe at present, to counter the risk of violation domestic law and distortion of competition within a local market because of uncontrolled AML/CFT measures by using a huge network of agents. We need a ‘standardised’ and uniform approach, so as to consider the justified interests of the PS industry to get predictable regulatory conditions.
BERGSTROM M. – SVEDBERG HELGESSON K. – MORTH U., "A New Role for For-Profit Actors? The Case of Anti-Money Laundering and Risk Management" in Journal of Common Market Studies, 2011, Vol.49, 5, 1043
VAN DEN BROEK M., "The EU’s preventive AML/CFT policy: asymmetrical harmonization", in Journal of Money Laundering Control, 2011, Vol. 14, 2, 170
BUISMAN S., "The Influence of the European Legislator on the National Criminal Law of Member States: It is All in the Combination Chosen", in Utrecht Law Review, 2011, Vol. 7, No. 3
COSTA S.," Implementing the New Anti-Money Laundering Directive in Europe: Legal and Enforcement Issues - The Italian Case", Paolo Baffi Centre Research Paper No. 2008-13, 2013
FRATANGELO P., International anti-money laundering policies and the protection of financial integrity, in R. Miccù - D. Siclari (ed.), Advanced Law for Economics. Selected Essays, Turin, Giappichelli, 2014
FRATANGELO P., Prevention and Countering of Money Laundering and Terrorism Financing, in D. Siclari (ed.), Italian Banking and Financial Law. I. Supervisory Authorities and Supervision, Palgrave Macmillan, 2015
HERLIN-KARNELL E., "Constructing Europe's Area of Freedom, Security and Justice Through the Framework of ‘Regulation’: A Cascade of Market Based Challenges in the EU's Fight Against Financial Crime", in German Law Journal, 2014
KOMAREK J., "Legal Professional Privilege and the EU’s Fight Against Money Laundering", in Civil Justice Quarterly, 2008, Vol. 27
MASCIANDARO D. - VOLPICELLA A., "Economics and Politics in Designing Supervision: The Case of the FIUs Against Money Laundering", Paolo Baffi Center Research Paper No. 2014-156, 2014
RUCE P.J., "Anti-Money Laundering: The Challenges of Know Your Customer Legislation for Private Bankers and the Hidden Benefits for Relationship Management (‘The Bright Side of Knowing Your Customer’)", in Banking Law Journal, 2011, Vol. 128, No. 6, 548
SIMSER J., "Money laundering: emerging threats and trends", in Journal of Money Laundering Control, 2013, Vol. 16, 1, 41
USMAN KEMAL M., "Anti-money laundering regulations and its effectiveness", in Journal of Money Laundering Control, 2014, Vol. 17, 4, 416
Editor: Domenico SICLARI