EU publishes legislative package to overhaul anti-money laundering and counter-terrorist financing legislation

Combating money laundering has long been high on the EU’s legislative agenda. In our May 2020 blogpost, we outlined the European Commission’s action plan for a future comprehensive EU policy on preventing money laundering. Today, the Commission’s much-anticipated legislative package was finally published. Given the impact an overhauled EU anti-money laundering (AML) and counter-terrorist financing (CTF) legislation will have on all economic sectors in Europe, there had been much speculation in advance about the package (see our February 2021 blogpost for what we expected). Now we have clarity as to where the European AML/CFT road is headed:

The main pillars of today’s package are two draft Regulations. One to establish an EU single rulebook on AML/CFT and the second to create a new AML/CFT supervisory authority at EU level.

In addition, the package includes legislative proposals for a new AML/CFT Directive repealing the currently applicable 5th Anti-Money Laundering Directive.

Note that the now proposed Regulations will be directly applicable law once passed in Brussels. Transposition into national law, as was the case with the Anti Money Laundering Directives (AMLDs) in the past, will no longer be necessary. 

EUsingle rulebook on AML/CFT

Establishing a single AML/CFT rulebook on EU level will end today's national patchwork of differing AML laws and regulations and facilitate the work of the new EU AML authority.

According to the draft Regulation, largely uniform EU standards will apply, covering the most important aspects of AML, such as customer due diligence, reporting obligations and beneficial ownership information.

The Commission plans to expand the list of obliged entities to cover – among others – a wider range of Crypto Asset Service Providers (CASPs), crowdfunding services, consumer and mortgage creditors and credit intermediaries for such credits. In return, traders in goods – which are currently subject to certain AML requirements – would be removed from the list except for dealers in precious metal and stones. Note that national legislation setting out stricter rules for trader of goods, as currently enacted in e.g. Germany, will still apply.   

When the draft legislation becomes law, credit and financial institutions would also be obliged to conduct customer due diligence when initiating or executing occasional transactions transfers of cryptoassets of EUR 1,000 or more. To further mitigate money laundering risks, the draft Regulation prevents traders in goods or services from accepting cash payments of EUR 10,000 or more for a single purchase and introduces additional regulations regarding cryptocurrencies, e.g. a ban on the provision and custody of anonymous cryptoasset wallets.

Once approved by co-legislators, the Regulation will apply 3 years after the date of entry into force.

New EU AML authority (AMLA)

As we anticipated in our February 2021 blogpost, the Commission's proposal envisages to assign the AML/CFT supervisory mandate to a new EU regulatory agency, the EU Authority for Countering Anti-Money Laundering and Countering the Financing of Terrorism (Anti-Money Laundering Authority, AMLA), instead of entrusting the European Banking Authority (EBA) or European Central Bank (ECB) with this task. The AMLA will be established as of 1 January 2023 and is designed to act as the centrepiece of an integrated AML/CFT supervisory system and to act alongside the national AML authorities.

From early 2026, the AMLA will also take direct supervision of selected credit and financial institutions deemed to be at highest AML/CFT risk. The AMLA will commence the first selection process on 1 July 2025. The list of who falls under this direct supervision will be updated every three years. Most likely, major international financial institutions will fall under direct supervision.

When exercising direct supervision, the AMLA will be able to impose sanctions on companies of up to a maximum of 10% of their yearly turnover. The AMLA will also coordinate national supervisory authorities and assist them to increase their effectiveness in enforcing the single rulebook.

The AMLA is supposed to have a staff of 250 and a budget of EUR 45.6 million, of which approximately 75 percent are expected to be financed from obliged entities’ fees and the rest from the EU budget. To give these figures some context, the EBA has a staff of 208 and 60 percent of its roughly EUR 50 million budget comes from national supervisory authorities and the rest from the EU budget. AMLA shall be established on 1 January 2023 according to the proposal.

Accompanying AMLD and Regulation EU 2015/847 recasts

Another objective of today’s legislative package is to enhance the coordination system for the member states’ financial intelligence units (FIUs) and to improve cooperation with other supervisory authorities competent for financial and credit institutions. To this end, the draft Directive sets out minimum standards and mandates the new AMLA to issue guidelines. The proposal also specifies that – in case of a founded Suspicious Activity Report (SAR) – the respective FIU must exercise its competence to suspend the transaction within 48 hours of receiving the report and extends the powers to suspend the use of bank accounts in justified circumstances. Speed is key to effectively preventing money laundering. In Germany last year, a prosecutors even raided the German FIU on obstruction of justice charges because it had built up too large a backlog and was not processing SARs quickly enough.

The proposed recast of Regulation EU 2015/847 -- the Fund Transfer Regulation  -- extends the information requirements currently applicable to wire transfers also to crypto assets transfers and applies the so-called “travel rule” recommended by the FATF to such transfers. The rule obliges the originator’s cryptoasset services providers (CASP) to ensure that transfers of cryptoassets are accompanied by certain data identifying both the originator and beneficiary when possible. The beneficiary’s CASP must implement effective procedures to detect missing information.

Conclusions and outlook

The draft legislative package offers both opportunities and risks for multinational companies. The directly applicable EU single rulebook regulation could reduce complexity, since companies could expect (largely) uniform standards across the EU and would no longer need to adjust their AML system to national particularities. Uniform standards are welcome as they will provide for more detailed regulatory guidance, for instance, in the areas of cross-border correspondent banking relationships and outsourcing. In addition, we can expect the Commission and the new EU AML authority to publish regulatory and technical standards and guidelines, which should ideally not lead to even stricter regulatory requirements, but to more clarity of the expectations of the legislator and the regulators.

On the other hand, the package follows the global trend towards stricter regulation of corporate conduct and more aggressive enforcement of violations. It is not yet apparent how the envisaged AMLA will exercise its direct supervisory mandate for major financial institutions and what influence it will exert on national AML authorities. In our experience, new regulators with vast powers to sanction financial institutions will use such powers.

Legislative elements of the package will now go through the EU’s legislative process, which usually takes between 12 to 18 months We expect a high level of ambition, especially from the European Parliament, and for the location of AMLA to be a political sticking point (especially with other recently proposed legislation, such as on cryptoassets and digital operational resilience, proposing additional European supervisory/oversight powers) among the Member States.

If you would like to discuss the proposals in more detail, please get in touch with your contacts in our regulatory (Alexander Glos, Janina Heinz, Marius Raetz) and white collar and compliance (Daniel Travers, Marcel Michaelis) team. You can also reach out to Natalie Pettinger Kearney or Victor Garcia Lopez in our EU Regulatory and Public Affairs team, who are following the legislative process closely.

We will go into more detail on the individual elements of the legislative package in a blog series within the next weeks.

Further information:

Together with today’s proposals, the Commission also published a Q&A document, as well as a factsheet, explanatory video and impact assessment.