While there are fewer big changes than previous directives, 6AMLD brings clarity to specific regulatory details to close loopholes, toughen penalties, and encourage greater cooperation. Its goal is to empower financial institutions and states to do more in the fight against money laundering and the financing of terrorism.
Supercharged by the pandemic, there has been an increasing push for digitalisation in financial services. While an excellent move overall, it does create opportunities for cybercriminals to evolve and expand their financial crime methods. 6AMLD was quickly pushed through to address these growing threats.
Definition of money laundering across borders
6AMLD provides more clarity around the definition of money laundering to remove gaps in member states' domestic legislation that could see criminals avoid prosecution. It has done this by expanding the list of predicate offences, and therefore the regulatory scope of the directive, to include 22 different offences which now directly constitute money laundering.
This new list is significant as it represents the first time cybercrime has been featured in this context in an EU Money Laundering Directive, highlighting this growing problem. The list also includes insider trading, aiding and abetting money laundering, environmental crime, and human trafficking and migrant smuggling. This list makes it much easier for member states to investigate and prosecute, particularly in growing areas of fraud.
It also means financial institutions need to train or retrain employees and adjust their AML and know your customer (KYC) programmes to ensure that they can successfully detect suspicious activities linked to the predicate offences.
Criminal liability extended
Prior to 6AMLD, only individuals could be prosecuted for money laundering offences. This will change as criminal liability is extended to cover any ‘legal persons’ involved – like companies and partnerships. ‘Legal persons’ might be individuals or businesses acting on the company’s behalf, for example, consultants, lawyers, or accountants. Under 6AMLD, individuals and firms can both be prosecuted for money laundering crimes simultaneously or separately.
Those in financial services need to understand that individuals and companies are not only liable if they have committed or aided and abetted money laundering activity. The new Directive also takes into account ‘acts of omission’ too. This could be when individuals in key, senior positions, such as a director, have failed to ensure the proper compliance controls are in place to identify and prevent a crime from occurring.
6AMLD requires EU member states to bring in more stringent penalties. All must increase the set minimum prison term from just one year to at least four years for money laundering offences.
It includes tougher punishments for corporate offenders, too, with much harsher sanctions in line with those for individual offenders. Sanctions include: being disqualified from the practice of commercial activities, whether permanently or temporarily; going under judicial supervision; or the closure of the business used for committing the offence.
The increase in prison sentence length, coupled with harsher financial penalties, demonstrates the EU's mounting resolve to crack down on money laundering to bring consistency to AML/CFT regulation across all member states. Criminals and firms alike are on notice – harsher punishments are on the way.
Greater cooperation and jurisdiction
Money laundering may involve criminality across the borders of EU member states. Someone may commit a crime in one jurisdiction before laundering financial proceeds in another.
6AMLD addresses this issue of dual criminality by introducing specific information sharing requirements. As part of this process, the member states involved in a prosecution will collaborate to centralise legal proceedings within a single jurisdiction. The Directive sets out a range of factors for states to consider when deciding how and where to conduct prosecutions. These include the victims’ country of origin, nationality or residence of the offender, and jurisdiction in which the offence took place.
It’s important to realise that with 6AMLD member states must criminalise money laundering linked to six specified predicate offences, even if that conduct is lawful in the jurisdiction where it was committed. These six offences include: participation in an organised crime group and racketeering; terrorism; human trafficking and migrant smuggling; sexual exploitation (including children); illicit trafficking in narcotics and psychotropic substances; and corruption.
UK based financial services businesses
The UK has decided to opt-out of complying with further AML regulation as the Government believes that domestic legislation is already largely compliant with the Directive’s measures and, in many cases, goes further than what 6AMLD proposes. For example, in the UK, the maximum penalty for money laundering is fourteen years, exceeding the new four-year minimum required by 6AMLD; and aiding and abetting offences of assisting, encouraging, and attempting to launder money is already a criminal matter.
However, it is important to note that UK-based businesses in the financial sector that operate within the EU jurisdiction will need to comply with the changes set out in 6AMLD.
Access to clean global consumer data for successful AML / KYC screening
To be ready for 6AMLD, those in financial services need to know their customers, whoever they are. The key is to have access to billions of consumer records worldwide from reputable data streams; these include government agencies, credit agencies, and utility records for cross-check and verification purposes. It is particularly important to obtain confirmation of vital proof of address. Having access to up-to-date watch lists, such as politically exposed persons (PEP) data as part of this dataset is also crucial.
From a customer experience standpoint, the checks leveraging this data must take place in real time to avoid slowing the customer onboarding process. This data should also originate from a single source to avoid the need for numerous costly suppliers in different markets. This issue often results in inconsistent ID data and supply chain management issues.
MRZ and ORC ID document scanning and biometrics will support 6AMLD compliance
When it comes to remote onboarding, financial institutions must use machine readable zone (MRZ) and optical character recognition (OCR) technologies to collect customer ID and extract crucial information. This ensures the ID is genuine and validated in real time. The photo ID embedded in these scanned documents supports biometric ID verification, such as facial recognition, which can also help securely speed up customer engagements.
However, the biometric technology must deliver liveness checks, such as eye movement, for proof of life confirmation. This is vital with fraudsters increasingly using creative methods like 2D images and video playback to try to trick facial recognition technology and ‘prove’ they are the person they are impersonating. In fact, this process can lead to financial services organisations receiving a due diligence report related to AML and KYC that can be used to demonstrate their compliance when it comes to regulatory checks.
To prevent money laundering and avoid severe sanctions, financial services businesses operating within the EU must understand and be ready for 6AMLD by the June deadline. Ideally, this should involve having access to billions of consumer records worldwide for cross-check and ID verification purposes, helping identify individuals across borders. They should also undertake document scanning with MRZ and ORC technology, which will also enable delivery of biometrics that help to securely speed up engagement with customers. Adopting these processes will lessen the burden of compliance and equip financial institutions for more stringent global regulations in the future.