The EU money laundering package
Overview
On May 30, 2024, the European Parliament and the European Council agreed on the final elements of the EU anti-money laundering package, which will create a stronger and more coherent legal framework to combat money laundering and terrorist financing. The aim of the package is to harmonize the rules in the EU and close gaps that have arisen due to inconsistent application of the law in order to support the fight against financial crime, ensure financial stability and security in Europe, and protect the integrity of the financial markets.
The package consists of four legal acts:
- AMLD6 - Directive on the mechanisms to be established to combat money laundering and terrorist financing
- AMLR - Regulation on private sector obligations to combat money laundering and terrorist financing
- AMLAR - Regulation establishing an EU authority for combating money laundering and terrorist financing
- Recast of the Money Transfers Regulation
6th Anti-Money Laundering Directive
The 6th Anti-Money Laundering Directive (AMLD6) focuses mainly on clarifying the tasks and powers of the FIUs and national supervisory authorities. A key objective is to improve cooperation and the exchange of information between supervisory authorities and to strengthen the national transparency registers for beneficial owners.
These measures are intended to facilitate the identification of beneficial owners, clearly define complex ownership and control structures, introduce a standard reporting form, and identify sanctioned persons. According to a ruling by the European Court of Justice, access to these registers is primarily intended for competent authorities and legitimate interested parties such as journalists and non-governmental organizations. General public access is therefore no longer possible. The planned introduction of the BARIS bank account register by mid-2029 will give the AMLA, the FIUs (Financial Intelligence Units) and the national supervisory authorities direct access to the relevant information.
FIUs play a crucial role in information sharing by collecting, analyzing, and exchanging important information via the secure "FIU.net" network.
In addition, anti-money laundering oversight will be extended to non-financial exposed sectors. New sanctions include fines with an upper limit of at least EUR 10 million or 10% of the total annual turnover of credit and financial institutions as well as other administrative measures such as the requirement to change the management structure and the imposition of periodic penalty payments.
Anti-Money Laundering Regulation
The new Anti-Money Laundering Regulation (AMLR) consolidates all existing private sector regulations into a single, uniform framework, eliminates inconsistencies, and promotes full harmonization.
By extending the scope of obliged entities, it now also covers crypto service providers, trust and company service providers, crowdfunding platforms, mortgage and consumer credit intermediaries, real estate agents, as well as luxury goods dealers such as jewelers and watchmakers for transactions of EUR 10,000 or more, luxury car dealers for transactions of EUR 250,000 or more, and art dealers for transactions of more than EUR 10,000. Soccer clubs and agencies are also covered by the regulation, depending on their turnover or league affiliation. Additionally, service providers involved in transactions involving the purchase/sale of real estate and the management of crypto asset accounts are included.
Obligated entities must implement internal policies, procedures, and controls to ensure compliance. These include regular employee training, integrity checks, and disclosure of close personal or business relationships with customers. A key provision of the regulation is the identification requirement for customers for certain transactions, including transactions over EUR 10,000, crypto transactions over EUR 1,000, gambling transactions over EUR 2,000, and occasional cash payments of EUR 3,000 or more.
Depending on the customer's risk profile, enhanced or simplified due diligence obligations must be applied. Enhanced due diligence is required for politically exposed persons, very wealthy persons with assets of at least EUR 50 million, and transactions in third countries with increased risk, among others.
In addition, stricter requirements apply to the outsourcing of obligations and bans on certain business areas. In connection with the identification of beneficial owners, the regulation introduces a uniform definition, sets new thresholds, and expands the scope of reportable data.
In order to limit large cash transactions, the Regulation prohibits cash payments above EUR 10,000 for individual purchases from traders and service providers, although Member States may set lower limits.
Anti-Money Laundering Authority
By creating the EU authority ("AMLA"), which will start its work in Frankfurt in 2025, the EU is expanding its powers to combat money laundering and terrorist financing.
A key element is the direct supervisory authority over selected high-risk companies in the financial sector, which will be carried out by joint supervisory teams equipped with comprehensive decision-making and sanctioning powers. The AMLA will also coordinate the indirect supervision of non-selected companies by conducting regular thematic reviews, issuing guidelines, and involving self-regulatory bodies such as bar associations and chambers of auditors.
Another objective is to develop coordination and support mechanisms for FIUs by issuing technical implementation standards, promoting joint analysis, and creating a secure communication network (FIU.net).
Funds Transfer Regulation
The Money Transfers Regulation, which comes into force on December 30, 2024, will be expanded to include crypto transfers. It prohibits anonymous transactions and obliges providers of crypto services to comply with the "Travel Rule". This means that providers of crypto services are obliged to record and disclose information about the originators and beneficiaries of their crypto transfers.
According to the regulation, providers of crypto services are obliged to carry out specific due diligence obligations. These include verifying the identity of the sender and recipient, ensuring the accuracy of the information transmitted, recording and storing this data, and the identifiability of self-hosted addresses. Incomplete or incorrect information may result in rejection, re-transfer, or suspension of the crypto transfer.
Violations of these obligations may result in sanctions imposed by the Member States. These are aimed at crypto service providers who repeatedly fail to provide required information or fail to keep records properly. Compliance is monitored by the competent authorities.
The regulations do not apply to crypto transfers between private individuals.
Binder Grösswang's Financial Services Regulatory Team is at your disposal to assist you with the regulatory challenges!
Please note: This blog is for general information purposes only and in no way constitutes legal advice from Binder Grösswang Rechtsanwälte GmbH. The blog cannot replace individual legal advice. Binder Grösswang Rechtsanwälte GmbH accepts no liability of any kind for the content and accuracy of the blog.