1. Home
  2. Insights and Resources
  3. Infographic
  4. 5th Money Laundering Directive

5th Money Laundering Directive:
A guide for adapting to changes in anti-money laundering compliance

The purpose of this guide is to summarise the key changes as a result of 5MLD and to support compliance teams in understanding the impact changes in money laundering regulation have on their compliance requirements.

What is the 5th money laundering directive?

The 5th money laundering directive, or 5MLD for short, is a European Union directive designed to prevent the use of the financial system for the purposes of money laundering or terrorist financing.

When will the 5th money laundering directive be implemented?

The implementation date for the 5th money laundering directive is the 10th January 2020. The transposition of this EU directive will result in amendments to the existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Compliance teams and those who carry out regulated work need to understand the impact of these money laundering regulation changes on their anti-money laundering compliance requirements.

Why are the money laundering regulations changing?

As the financial landscape evolves, new channels and new financial products open up new opportunities for business and consumers, but also for financial criminals. As such, the Financial Action Task Force (FATF) has provided further guidance in a number of areas to tighten money laundering regulations and terrorist financing.

Reflecting this, the EU launched the 5MLD, adopted by the European Parliament in April 2018, hot on the heels of the 4th Money Laundering Directive. Member states are expected to integrate 5MLD into individual country AML and CFT regulations by January 2020.


The additional requirements in 5MLD have been, in part, driven by recent events:

A significant change in terrorist attacks in Europe over the last five years.

The Panama Papers leaks which identified the extent to which offshore accounts are used to disguise beneficial ownership.

The adoption of cryptocurrencies and other digital channels for money laundering, which are currently unregulated sectors.

The EU’s intent to ensure FATF anti-money laundering recommendations are implemented.

What were the main changes reflected in 4MLD?

The 4th Money Laundering Directive was adopted by the UK in the 2017 Money Laundering Regulations and reflected in the amended Joint Money Laundering Steering Group (JMLSG) guidance.


Key changes included:

Risk-based Approach

The 4th money laundering directive required obliged entities to provide evidence that they have undertaken appropriate levels of customer due diligence (CDD) to fully understand the possible money laundering risks associated with a customer, both at the onboarding stage and then throughout the entire customer relationship.

 

Beneficial Owners

4MLD mandated that organisations take steps to know the beneficial owners of corporate entities, trusts and individuals (where the transaction may be being conducted for a significant 3rd party who is not present).

Politically Exposed Persons (PEPs)

Widening the definition to include persons who hold prominent positions in their home country. After careful consideration, the 4th AML directive stated that PEPs must be monitored for a minimum period of 12 months after leaving office.

4MLD also mandated other changes, particularly in relation to record keeping and reducing limits on transaction values to trigger CDD.

The requirements of 4MLD will be retained and the money laundering regulations will be updated with the additional provisions mandated under 5MLD, which are summarised throughout this guide.

What are the key changes introduced by 5MLD?

Extension of sectors that will now become ‘obliged entities’ and in scope of the updated money laundering regulations

To include:

• Virtual Assets (VAs) – cryptocurrencies, digital tokens and other forms of digital value representation.

• Virtual Asset Service Providers (VASPs) – exchanges, digital wallet providers and all services which support VAs.

• Art Traders – where the value of transaction exceeds 10,000 euros.

In certain parts of Europe, some professional service providers such as estate agents, law firms, company service providers and accountants, were previously out of scope but will now be included. However, in the UK these sectors are already regulated.

Compliance Considerations

Newly obliged entities (Virtual Assets, Virtual Asset Service Providers and Art Dealers) who were previously out of regulatory scope will need to implement robust AML/CTF policies and procedures to comply with the money laundering regulations.

With these sectors now formally classified as higher risk under 5MLD, existing obliged entities will need to carry out a risk assessment to understand whether they are transacting in these areas and ensure they are able to conduct appropriate Customer Due Diligence checks (in the case of virtual assets this will require screening of both the sender and the beneficiary). The European Supervisory Authorities (ESA) have issued new guidelines around risk assessment, identifying risk factors for certain business sectors that obliged entities should be familiar with.

Training will be required for staff, and the firm’s Senior Management will need to engage with all new policies.

Thoughts from LexisNexis® Risk Solutions

As obliged entities extend the scope of their controls to include these new sectors, it’s a good opportunity to carry out a thorough review of the effectiveness of onboarding and screening processes. For example, if organisations are already experiencing high levels of false positives and costly alert remediation, broadening the sector base will only exacerbate the issue. Benchmarking of data, recalibrating risk settings and looking at new name screening solutions that can significantly reduce the level of false positives can dramatically improve operational effectiveness and improve customer experience.

Politically Exposed Persons

5MLD stipulates that member states will be required to keep an up-to-date list of the exact functions that qualify as prominent public functions. In addition, prominent functions of any international organisations hosted by the member state will need to be included. The European Commission aims to compile a single list of all prominent public functions, which will be made public.

Compliance Considerations

Key issues for consideration will be the accuracy and completeness of such lists, including how up to date they are. Note also that this only covers the EU region and that, outside of the EU, such lists may not exist for other countries.

Politically exposed person lists need to be accurate and conform to FATF guidelines, for global consistency. Organisations need to understand the criteria their PEP list provider is using to compile the list; how it is kept up to date; and the extent to which secondary identifiers are available to help reduce false positives. Commercial PEP list providers should also include any country specific lists such as those from EU countries, so-called micro PEP lists.

Enhanced due diligence measures will still be required if a PEP is identified.

Thoughts from LexisNexis® Risk Solutions

Obliged entities need to be confident that they are using correct PEP definitions and that the PEP data they rely upon is accurate and up to date. It is not unusual for obliged entities to experience high levels of false positives when carrying out PEP screening. As such, PEP lists (commercial or independently generated), need to be reviewed constantly to make sure the data is up to date and contains secondary identifiers such as date of birth, sex, nationality, photo and where possible, date appointed to office. Ideally, PEP data list providers should also be able to offer obliged entities:

• the opportunity to communicate directly with their research teams, to check and verify available information;

• the ability to construct network charts, showing PEP associates and linked entities.

Beneficial Owners

5MLD requires member states to maintain registers of beneficial owners of corporate and other legal entities. The information needs to be accurate and verifiable and to be made public to those with ‘legitimate interest’, although this definition may be widened to make it accessible to all, in the public domain.

Compliance Considerations

The UK has already adopted this measure, creating the register of Persons of Significant Control. However, this information is not independently verified and its governance is limited. It is likely to be some time before every country has such a register that is complete and accurate. In the meantime, obliged entities will need to review their policies and procedures for collecting UBO data, and ensure they are effective. It is likely that obliged entities will be required to report any discrepancies identified when comparing their own checks against the public register. There are also data privacy considerations that need to be taken into account, balancing the privacy rights of the individual with public interests in the prevention of money laundering and terrorist financing.

Thoughts from LexisNexis® Risk Solutions

Obtaining beneficial owner information is a huge challenge for organisations as the Panama Papers scandle highlighted. There is no ‘silver bullet’ solution. Many registries around the world simply do not publish beneficial owner information, or else the information is partial and incomplete. Whilst an obligation for all newly formed entities to self-publish this information on national registers will help in time, currently there is no process to independently check and verify this information, making it difficult to rely upon for compliance purposes.

Often organisation structures are complex and include offshore entities. As a result, unpacking ownership structures and correctly identifying beneficial owners is a specialist skill requiring experienced and highly trained staff, particularly as these are the types of organisation that are most likely to be used by financial criminals. It is advisable for obliged entities to work with an experienced provider in order to assist with this process.

Customer Due Diligence in onboarding

5MLD recognises the growing trend for the use of digital identity and electronic verification in the customer onboarding process and mandates that electronic verification should be used wherever possible. eIDAS aligned digital identity trust services can be used, when accepted by the individual member states national authority.

Compliance Considerations

This is an area driven by new technology and obliged entities of 5MLD will need to ensure they have the technological infrastructure to support digital identification in onboarding. Migration from traditional physical identification and verification methods to digital identity should not be underestimated.

Thoughts from LexisNexis® Risk Solutions

While the 5MLD stipulates that electronic identification should be used wherever possible, it is widely believed that by 2020, electronic verification will become mandatory. It is therefore prudent for all regulated firms to look at electronic solutions for anti-money laundering compliance now, in preparation for the inevitable and begin this process as soon as possible.

Enhanced Due Diligence

There is a new provision designed to create a common interpretation of what enhanced due diligence measures are, when conducting anti-money laundering checks on an entity from a high risk country. The purpose of this provision is to reduce local interpretation which can be variable. Member states will need to ensure that, when dealing with a transaction or entity based in a country where AML/CFT controls are weak, enhanced due diligence checks are applied.

Compliance Considerations

Obliged entities are advised to review their policies and procedures to ensure that when the risk based approach indicates a higher level of money laundering risk, the appropriate checks are defined, implemented and in line with 5MLD. Such checks will need to be in depth and explore the wider risk that can be encountered through associated entities or individuals, such as with PEPs.

Thoughts from LexisNexis® Risk Solutions

Many firms rely on their own resources to conduct enhanced due diligence checks, yet without the correct tools and support this can be time consuming and leave them exposed to unseen risk.

When enhanced due diligence searches rely mainly on the use of popular search engines, there is a danger of missing vital information. For example, checks on breaches of regulation, litigation cases, bankruptcy or insolvency notices require access to information that is often hidden behind firewalls or accessible only via subscription.

Knowledge of regional information sources and the ability to conduct checks in languages other than English is essential when dealing with overseas entities. Having access to local experts who know the local market and its culture will often uncover insightful information that might otherwise not be immediately obvious or readily available.

Payment Cards

In recognition of the fact that pre-paid cards are now widely used for financial crime and terror attacks, the new fifth money laundering directive requires customer due diligence to be conducted to identify holders of pre-paid cards at a reduced threshold of €150 or more and any remote payment transactions over €50.

Anti-money laundering compliance considerations in this area will require operational assessment and recalibration of payment systems to ensure the new thresholds trigger customer due diligence measures appropriately. In particular, the risk-based approach will need to reassess transactions when the source is in a high risk country, or with known poor AML controls, and when transactions are anonymous.

FIUs and Information Sharing

5MLD recognises that information sharing between Financial Intelligence Units (FIUs) plays a vital role in fighting money laundering and the financing of terrorism. Creation of central bank account and payment transaction registers and electronic data retrieval systems, to facilitate easier and quicker access of information by permitted authorities, will improve detection rates. Under 5MLD, FIUs will have the authority to obtain this information even if a Suspicious Activity Report has not been filed.

The challenge for compliance teams will be to ensure that they have the right controls and processes in place to collect, store and make customer account data available, on a timely basis and on demand.

How can LexisNexis® Risk Solutions help?

LexisNexis® Risk Solutions provides a comprehensive range of products and services that can assist firms in every area of the typical KYC/AML compliance workflow, including initial customer onboarding, customer screening for sanctions, PEPs and adverse media, alert remediation, enhanced due diligence and ongoing monitoring.

Contact us today for a no-obligation consultation.