The Fifth Anti-Money Laundering Directive (5AMLD) is set to have a big impact on the payments and wider financial services sector. 5AMLD is designed to further restrict access to financial services by criminals, strengthening transparency rules to prevent large-scale concealment of funds.
Amidst concerns over the terrorist threat, demands for greater tax and anti-money laundering (AML) transparency, and the requirement to regulate evolving blockchain and cryptocurrency marketplaces, the directive is set to become law throughout the EU on January 10, 2020. An evolution of 2017’s 4AMLD, the directive keeps the EU firmly on the front foot in the fight against financial crime whilst improving protection for consumers and businesses.
Is your regulated business ready for the new compliance requirements?
Bringing regulation to the cryptocurrency industry
5AMLD designates cryptocurrencies as “obliged entities,” set to face the same regulations applied to financial institutions under 4AMLD, including combating the financing of terrorism (CFT) and AML. This involves an obligation to perform customer due diligence, and submit suspicious activity reports. Furthermore, 5AMLD mandates EU Financial Intelligence Units (FIU) to obtain the addresses and identities of owners of virtual currency – pushing back against the anonymity associated with the use of cryptocurrency.
Removing anonymity from prepaid cards
5AMLD focuses on tackling risks linked to anonymous prepaid cards. Payment companies will be required to carry out checks on customers using cards funded with more than €150, down from €250 under 4AMLD. Furthermore, payment service providers need to make sure that those authorising a remote payment over €50 are identified. In three years, KYC will apply to all remote payments. Prepaid cards issued outside the EU will be prohibited unless issued from a territory enforcing legislation equivalent to the EU’s AML / CFT and KYC standards.
Know your business rather than KYC
While 4AMLD was focused on financial services knowing more about their customer (KYC), 5AMLD is very much about ‘know your business’. The EU is keen to crack down on companies used as a front for money laundering. So, while regulated businesses must carry out checks on their customers for KYC purposes, they will have to implement checks on the businesses they trade with as well. Data quality tools that enhance business as well as customer information in real-time will be crucial in meeting this standard.
To improve transparency, EU member states are each required to create and share with other members a national register of beneficial ownership information on businesses, including trusts and holders of safe-deposit boxes. This not only pertains to majority shareholders, but to even those with just a 25% stake or more in the business. The ruling concerns itself with whether an individual may be using a business they partly own for illegal activities.
Proof of company registration or an excerpt from the register must be collected by regulated organisations to identify and verify the clients’ ultimate beneficial owners before starting a new business relationship. Additionally, full access to this information will be available to the public.
Increased checks on risky third countries
The new law requires stronger checks on financial flows from risky third countries into the EU. The EU has created and maintains a harmonised list of non-EU countries with deficiencies in their AML protocols, available for businesses to access. Organisations must in turn update their due diligence processes to ensure full compliance.
Penalties for non-compliance
Failure to adhere to this new directive carries the risk of significant regulatory and law enforcement action, with fines of up to €5m or 10% of annual turnover – along with the negative publicity and reputational damage associated with such a penalty. Also, management could be potentially banned from running a regulated business, which itself could be blocked from trading activities as a result of compliance violations.
Compliance is driven by smart data quality
To be ready for 5AMLD, those in financial services must be able to adequately know their customers, whoever they are. This means having access to billions of records worldwide for verification of passports, driver licences and ID cards, and confirmation of vital proof of address. Access to up-to-date watch lists, such as politically exposed persons data, is also crucial. From a customer experience stance, the checks leveraging this data must take place in real-time to avoid slowing the customer onboarding process or cause inconvenience, even during sophisticated operations such as biometric validation and liveness tests. Also, it’s preferable that this data originates from a single source to avoid the need for numerous costly suppliers in different markets – an issue which often results in inconsistent ID data and supply chain management issues.
Accessing such data is the best way to lessen the burden of compliance, which is important considering nearly two thirds of the financial services firms surveyed by Thomson Reuters in 2018 expect their total compliance budget to be slightly or significantly more over the next 12 months.
Regulated businesses in payments and financial services need to be ready for the new directive as it will have a significant impact on how these organisations can conduct due diligence and onboard new customers. Those that understand data quality’s role in becoming compliant quickly will have a clear business advantage early in 2020.