AMLD6 is the European Union’s latest weapon for fighting financial crime. It brings additional AML regulatory requirements on obligated firms, such as banks. What are these changes? And what actions need to be taken by concerned firms?
On 3 December 2020, the 6th iteration of the European Union’s Anti-Money Laundering Directive (6AMLD) came into force. Regulated entities operating in the EU must be compliant by 3 June 2021. Obligated entities include banks, investment houses, gaming organizations, and financial services.
Building on the 5th version of the directive, 6AMLD expanded the scope of the obligations and penalties on companies handling financial transactions at volume in several ways:
Expanded Cooperation and Harmonization
Requirements have been harmonized across all countries in the EU bloc, requiring cross-border cooperation and eventual prosecution of offenders within a single, elected EU state.
An expanded list of 22 predicate offenses (crimes that create wealth which money laundering conceals) has been agreed upon and now includes cybercrime for the first time.
The addition of cybercrime to the predicate offense list means that companies operating in the FinTech environment must enhance their Know Your Customer (KYC) and Anti-Money Laundering (AML) measures due to the increased risk of non-compliance. Even e-commerce platforms are at risk when criminals target their customers at scale, and sufficiently protective measures are not in place.
Now, when predicate crimes are committed in one EU nation, and the criminal proceeds are laundered in another, there are requirements for collaboration, even when a predicate offense is not typically prosecuted within a particular member country. 6AMLD also sets out the factors that must be considered when authorities decide where and how to prosecute individuals, including country of origin, nationality, and the country where the crime was committed.
Increased Liability and Scope
Under 6AMLD, those who passively assist money laundering, or let such offenses go unreported, can be held personally liable.
Previously, only companies would primarily be held accountable. Now, individual decision-makers within an organization can also be prosecuted for crimes including “aiding and abetting”, “inciting”, or “attempting” money laundering.
Furthermore, all “legal persons”, including sole traders and partnerships, will be criminally liable for permitting illicit activities on their platforms or within their businesses.
This broader definition of wrongdoing and the expansion of who can be held liable exposes companies without suitable AML/KYC measures to significant risk. Incorporating up-to-date security measures will ensure that staff is not tempted to engage in these illicit activities.
Previously, the minimum sentence for money laundering was one year in prison. Under 6AMLD, this has been significantly increased. A four-year prison sentence is now the minimum sentence. Judicial powers to levy individual fines and restrict access to public finance have also been added.
The EU parliament sees these enhanced sentences and judicial powers as a stronger deterrent to money launderers and their enablers and a statement of more significant commitment to preventing such activities.
Measures that can be taken for 6AMLD compliance
The extension of liability, increase in penalties, and widening of the definition of money laundering offenses create a significant risk for financial institutions and businesses.
Recent years have seen an increase in automated “micro laundering“, where criminals use digital payment platforms, e-commerce sites, online games, and gig economy transactions to hide large amounts of money in thousands of small transactions. With this trend in mind, AML measures are vital for ALL firms handling digital payments.
If you can prove the identity of the individuals using your platform or service using KYC measures such as biometrics, CAPTCHA, and Multi-Factor Authentication (MFA), you are already mitigating risk. Other AML measures can be implemented, and compliance is assured when you incorporate a suite of compliance APIs into your cybersecurity and KYC measures.
AMLD6 is the 6th iteration of the European Union’s Anti-Money Laundering Directive. It builds on its predecessor, AMLD5, by bringing additional AML regulatory requirements on obligated firms, including new predicate offenses monitoring. It also emphasizes individual accountability while introducing enhanced punitive measures and mechanisms for cross-border cooperation between member states.
As such, obligated firms must establish a good understanding of the new regulatory landscape, ensuring their staff and management are trained accordingly. Firms should also examine their AML technology capability to ensure it meets the increased regulatory scope.
Obligated firms may need to:
- Update their AML/KYC compliance program, standards, and policies to reflect the enhanced regulatory environment and increased legal risk, taking into account the latest updates from FinCen and FATF.
- Establish training plans for employees to cover the implications of the enhanced AML requirements, including identifying suspicious activities associated with the expanded predicate offense list.
- Reevaluate existing risk scoring methodologies and Key Risk Indicators (KRIs) across their internal procedures and processes
- Review all customer screening processes and readjust thresholds to reflect the increased AML risk.
- Establish adverse media screening processes to identify relevant news and align them with the new KRIs.
Please reach out to learn more about how CompyCube can assist you in complying with the EU 6th Anti-Money Laundering Directive.