EU compliance outlook for 2021: what should GCs and compliance officers be aware of?

EU lawmakers have significantly stepped up their game when it comes to compliance. Nowadays, EU directives and regulations strongly influence day-to-day compliance operations. In 2021, EU compliance legislation will increase even further.

So what do GCs and compliance officers need to do to keep up? Generally, they must:

• closely monitor EU legislative developments;
• assess what impact new laws will have on their business, its risk exposure and its existing compliance setup; and
• proactively adapt processes and compliance management systems so that applicable EU requirements will be met upon entry into force at the very latest.

Specifically, in 2021, GCs and compliance officers should pay attention to the developments set out below. 

EU directive on combating money laundering by criminal law

Member states had until late 2020 to implement the EU criminal money laundering directive (CMLD). Note that the CMLD applies directly to any member state (like Germany) that has yet to transpose the CMLD into national law. (The transposition deadline was 3 December 2020.) However, an immediate adverse effect, eg a criminal conviction directly based on the CMLD, is ruled out under European case law. 

The CMLD sets minimum requirements for combatting money laundering by means of criminal law. It achieves this by establishing an EU-wide minimum standard for the type of conduct that constitutes the crime of money laundering.

However, in practice, the CMLD’s scope goes somewhat beyond core criminal law. This is because national anti-money laundering (AML) laws often base regulatory requirements on preventing the crime of money laundering. Thus, if the definition of the crime is extended, regulatory requirements may be extended as well. This is true, for example, for suspicious activity reporting (SAR) obligations of financial institutions and other entities subject to EU or national AML laws. If more conduct falls under the definition of money laundering, more reports will usually have to be filed.

Germany will not be a latecomer to the CMLD for much longer. The German Ministry of Justice has been anything but inactive and has a draft implementation law in the pipeline that will make quite a splash once it is passed by the Bundestag and comes into effect. This could be as early as in a few weeks’ time.

The German draft goes far beyond the minimum requirements of the CMLD. Specifically, it adopts an all-crimes approach. This means that every offence, even petty crimes, may constitute a predicate offence for money laundering, making it illegal to handle the proceeds of any crime. (For further details, see our August and November 2020 blog posts.) As a result, the German law will become one of the world’s most rigorous criminal statutes on money laundering.

Expanding criminal liability across the EU will increase the amount of funds in European bank accounts that are considered ‘dirty’. What sounds very abstract has a direct impact on how companies must do business. GCs and compliance officers must thoroughly analyse and assess their company's AML risk profile. In particular, companies subject to the German Anti-Money-Laundering Act (Geldwäschegesetz) should update their current AML compliance system and carefully review their SAR processes.

EU directive on the protection of whistleblowers

Another area of criminal compliance to keep an eye on in 2021 is the protection of whistleblowers. Whistleblowers can play an important role in exposing corporate wrongdoing but may sometimes face serious retaliation such as termination or even criminal prosecution. To encourage whistleblowers to speak up and to provide effective protection once they do, in 2019, the EU issued a directive on whistleblower protection, which will have to be transposed into national law by 17 December 2021.

Many member states will have to substantially adapt their national laws, especially labour law, criminal law and criminal procedure. Importantly, under the directive, a whistleblower must be protected even if they contact external parties such as the press or law enforcement instead of internal whistleblower hotlines. 

While the scope of the directive is limited and only provides a minimum standard for whistleblowers reporting breaches of EU law, its impact will go far beyond that. For many companies, a practical solution will be to extend the protection required by the directive to all whistleblowers, even those reporting violations of national law.

Some member states will make such a position mandatory. Like the CMLD, the whistleblower protection directive sets only minimum standards and member states are free to provide broader protection. 

Germany, for example, is expected to go beyond the minimum standard and provide comprehensive protection for all whistleblowers. In December 2020, the Federal Ministry of Justice reportedly finalised a draft bill (Hinweisgeberschutzgesetz – Whistleblower Protection Act) that is not yet public. We will report once we see a draft, likely within the next few months.

We also believe it is likely that a bill will be enacted before the autumn elections. GCs and compliance officers should monitor developments closely.

Of course, measures to effectively protect whistleblowers should already be in place as they form an essential component of an effective compliance management system. In general, it is recommended that companies design their whistleblowing system in such a way that whistleblowers feel as comfortable as possible in reporting misconduct. 

Supply chain compliance

One more thing to keep an eye on in 2021 are the EU’s plans towards a European supply chain law. We expect to see an official draft EU directive by spring of 2021.

Such legislation could mean a significant additional workload for compliance departments. Last year, the legal affairs committee of the European Parliament published a study on supply chain due diligence. It found that only about a third of companies in the EU conducted careful compliance due diligence on their supply chains. (For more on the study, see our blog post.)

As a result, the committee published a draft report (PDF), including an early draft directive, which provides for very extensive due diligence obligations and goes far beyond what is currently under discussion at national level. (For more on the draft directive, see our blog post.)

The official directive, likely to be published in spring of this year, is expected to include enforcement mechanisms, including a criminal statute for repeated (even if only negligent) offences against due diligence requirements.

As the Federation of German Industries (BDI) points out, the success of a European supply chain law will strongly depend on whether its requirements are proportionate and feasible for companies to implement in practice.

However, as we may see a directive passed in the course of 2021, GCs and compliance officers are advised to monitor developments closely, as well as scrutinise their supply chains and, if necessary, adapt their compliance systems.

For more in-depth information, see our report on rethinking the supply chain.

Further outlook

Beyond 2021, we expect even more EU and national legislation to influence compliance requirements. 

The fight against money laundering and terrorist financing will certainly remain a top priority for the European Commission. A single rulebook on money laundering in the EU, currently in preparation, could come into force as early as 2022. (For more information, see our blog post.) The Commission's far-reaching proposals to further combat money laundering have become even more likely after the European Council endorsed them in its November 2020 conclusions (PDF).

In Germany, the review of the AML regime by the Financial Action Task Force (FATF) is expected to be completed in 2021, so future adjustments to national AML law based on the report seem very likely.

In addition, the introduction of a corporate criminal law in Germany, either by this or the next government, remains on the horizon. The law would likely come into force in 2023 and would have a massive impact on corporate compliance efforts.

Clearly, the compliance landscape is undergoing rapid change. Overall, we are seeing a tightening of regulations. Keeping track of further developments is an important task for GCs and compliance officers and the first step in ensuring that compliance management systems are kept up to date.