Let’s start by saying that the 6th Anti-Money Laundering (AMLD6) is part of a broader effort of the EU Commission to tackle Money Laundering. The Commission is giving a more dynamic and international character to its approach, by further expanding the definition of money laundering and related predicated offences – now increased to 22 – and including environmental crime, cyber-crime, and certain tax crimes. The directive is also setting stricter punishments for non-compliance for both legal and natural persons and aligns with Financial Action Task Force’s (FATF) revised Recommendations and approach towards third countries – as a country being listed by FATF will now also be listed by the EU.
The AMLD6 is also enhancing Financial Intelligence Unit (FIU) coordination and cooperation, which leads to more efficient results. Moreover, we see the introduction of new rules and minimum standards to be followed by domestic supervisors and a more convergent approach towards these standards via the Anti-Money Laundering Authority (AMLA). AMLA will have a more centralised role in terms of AML/CFT supervision in cooperation with the national authorities.
Compared to its predecessors, the AMLD6 does not require the obliged entities to introduce heavy changes in their AML policies and procedures. However, it should be noted that the term ‘property’ in the new definition of money laundering now also includes tangible and intangible, electronic or digital, assets, and the conversion or transfer, concealment, and acquisition or possession of such property derived from criminal activity is punishable as a criminal offence.
Additionally, the issue of territoriality is important as this would extend to criminal proceeds that have derived from another member state or a third country. Whereas the conduct of the individual or legal entity would be considered criminal activity.
These changes directly affect all obliged entities as we can observe increased corporate accountability with the shifting of responsibility to senior management and to the personnel of a corporation. Moreover, AMLA will directly supervise a limited number of selected obliged entities in the financial sector, from 2025 onward.
Companies operating in a transnational environment will need to take into consideration these changes and pay close attention to the determination of the source of funds of their clients, as well as the dual criminality factor.
Most companies operating in the crypto sector have transnational activities. These activities will now need to be in line with FATF’s Recommendations and Guidance, especially with Recommendation 15 (New Technologies), Recommendation 16 (Wire Transfers, also known as the ‘Travel Rule’), and Interpretive Notes to them. Companies operating in the crypto sector will now need to have a proper licence (not just a registration for AML purposes) and collect originator and beneficiary information for all their digital assets – meaning they must know exactly where their assets are coming from and being sent to.
The use of Anonymity Enhanced Cryptocurrencies (AECs) or Privacy Coins should be avoided, and full tracing ability must be observed across the entire digital asset journey. The breaking of the tracing chain in the exchange (crypto to crypto exchanges) should also be avoided. Lifting the pseudonymity element and ensuring accurate identification of both originator and beneficiary of the assets can be challenging – especially for exchanges cooperating with un-hosted wallets. But there are solutions already available that can assist with tackling this issue.
The AMLD6 is the EU Commission’s modern, collaborative approach to fighting Money Laundering.
Despite there only being one direct mention of the term ‘virtual currencies’ in AMLD6, the fact that FATF’s Recommendations are being taken into a particular account, practically means that the EU is in line with FATF Recommendations.
By aligning with Recommendation 15 (New Technologies), Recommendation 16 (Wire Transfers, also known as the ‘Travel Rule’), and Interpretive Notes to them, the proper guidelines are being set for a more consistent and homogeneous approach. One can highlight the demand for Virtual Asset Service Providers (VASPs) or Crypto Asset Service Providers (CASPs) to apply customer due diligence measures when carrying out transactions amounting to EUR 1,000 or more and the added measures, as described in the previous question, to mitigate risks in relation to transactions with self-hosted wallets.
Moreover, the increased sanctions for non-compliance and the inclusion of legal entities in the liability spectrum is also a factor that could be potentially preventive for potential wrongdoing.
3rd December 2020 was the date that Member States had to transpose the AMLD6 into their national laws, whilst businesses had a grace period that lasted until 3rd June 2021. Many countries have missed this deadline. On 7th December 2022, the Council agreed on a new position for closing possible loopholes in the existing regulatory framework. So, monitoring the website of the relevant regulator per jurisdiction is the appropriate path for this.
AMLD6 will be enforced via the transposition of its provisions in the domestic legislation of each Member State, with the option for Member states to apply stricter rules. AMLD6 will also be part of the new EU AML Rulebook.
The sanctions that can be applied vary. In cases where the damage from the breach can be determined, the fine is at least twice the amount derived from the breach or a minimum of EUR 1 000 000.
In cases where the obliged entity implicated is a credit or financial institution, the fines for a legal person can mount up to at least EUR 10 000 000 or 10 % of the company’s total annual turnover – as reported in the latest available accounts approved by the management body. If it’s a parent or subsidiary, then the equivalent from the latest consolidated accounts is approved by the management body of the ultimate parent undertaking. In the case of a natural person, the fine is at least EUR 5 000 000.
Sanctions for companies that committed or attempted to commit money laundering, could include exclusion from access to public funding, confiscation of business assets, placement under judicial supervision, or even closure of business.
It is also implied that senior management may be held accountable for any subsequent money laundering if a company fails to implement AML/CFT measures effectively.
AMLD6 also amends the minimum imprisonment for money laundering offences from one year to four years.
This is a very good indicator of the EU’s efforts to tackle money laundering via harmonisation of the repercussions throughout the Member States and its commitment towards more sustainable economic growth for the Union.
Firstly, compliance culture is the most important part. Compliance tone should always be given from the top, and this is the spirit of the AMLD6.
Secondly, financial institutions and other affected entities should ensure appropriate training is provided to their employees. Training helps with ensuring everyone across the organisation understands what AML/CFT is, how suspicious transactions or behaviour can be recognised, what is each employee’s liability and what is at stake in case of non-compliance since it’s a collective obligation.
Thirdly, via the update of their policies with the updated definitions, obliged entities are called to measure their exposure and risk, at both national and transnational levels, and ensure that enhanced transaction monitoring procedures and appropriate Customer Due Diligence and adverse media screening are in place.
Local nuances in the transposition should always be expected. Should an entity operate on a transnational basis, it should always consider the maximum jurisdictional approach.
Lastly, for best compliance practices, one should always consult the FATF Recommendations, as well as instruments of other international organisations and bodies active in the fight against money laundering and terrorist financing, in addition to AMLD6.
This editorial was initially published in the Financial Crime and Fraud Report 2023 which dives into the captivating world of fraud management, digital onboarding, and financial crime in the financial services industry. You can download your free copy here.
Nuvei's AML Compliance Officer, Antonia, guides and trains global staff on AML and regulatory compliance. With 15 years of financial services experience, she's knowledgeable in VASPs European Regulatory Framework, M&As, and Blockchain, and is certified in CAMS and CySEC's AML. Antonia holds multiple degrees and speaks four languages.
Nuvei is designed to accelerate your business. Our future-proof technology allows companies to accept cutting-edge payment options, optimise new revenue streams, and get the most out of their stack — all on one platform.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now