The fourth Anti-Money Laundering Directive of the European Union was adopted on June 26, 2015, as a response to the changing requirements involved in the fight against money laundering. The EEA states had until June 26, 2017, to transpose the minimum requirements stipulated into national legislation. The differing degrees of strictness with which the member states abide by the Directive are reflected in their individual interpretations, with Germany complying comparatively closely with the minimum requirements. This can be seen in the mere scope of the newly introduced Geldwäschegesetz (Anti-Money Laundering Act). With 17 paragraphs divided into four sections, this was previously quite brief, but it now consists of 59 paragraphs divided into seven sections.
Additional Scope of Application
The number of those obligated to adhere to the Act has been significantly increased. This now includes self-employed traders who carry out payment services on behalf of a CRR credit institution, as well as almost all the operators and brokers of gambling services, and insurance companies who grant loans. The scope of application of the new money laundering directive has been expanded both in a horizontal sense as well as in terms of the detail of the requirements. For example, the legal situation regarding the trade of goods was detailed further. Cash payments made in Germany are already subject to complete due diligence and identification obligations if they are equal to or greater than €10,000. The EU guidelines had previously drawn the line at €15,000.
Close attention was paid to the measures aimed at creating additional transparency. The law coming into force requires a central register to be kept in order to record the economic beneficiaries of any business relationship. Legal persons are obligated to keep up-to-date information about their beneficiaries and forward this information to a central register. This register is to be managed by the member states, and information will be compared across the EU. The proper management of this register requires additional expenditure, which must be borne entirely by the companies. However, this makes it easier for companies to assess potential business partners themselves. In Germany, the control of the transparency register is the responsibility of the Federal Ministry of Finance.
The risk-based approach is affected by a large-scale change: while previously predefined cases specified the risk of money laundering as being either minor or increased, the fourth Anti Money-Laundering Directive now requires each individual business relationship and transaction to be assessed in order to determine the specific risk of money laundering. Circumstances which would have previously automatically led to a classification are now considered as individual “risk factors”, which are to be subject to a risk assessment after an overall assessment is carried out. In the future, the fact that the customer is a listed company or a domestic authority will not necessarily lead to a reduced risk assessment. The risk factor guidelines, published by the European Supervisory Authorities (the ESAs), can be used as an aid for this purpose. The interpretation and final assessment of the risk factors and possible misjudgments are the responsibility of those subject to the guidelines. Furthermore, the penalties for violations of the money laundering legislation have been increased. The maximum penalty now stands at €5 million, or 10% of total annual turnover, instead of the previous figure of €100,000.
Germany has already formally attached particular importance to the risk-based approach in the Act by giving it its own section. In addition to the measures stipulated, Germany is calling upon the parent companies of groups to prepare a risk analysis for their entire group. This was previously only a requirement for companies operating in the financial sector. The current definition of a “group” also denotes companies in which the parent company holds shares.
The additional requirements mentioned are leading to a significant change in AML (anti-money laundering)/compliance structures in the companies of those subject to the guidelines.
Due Diligence Obligations
While the contents regarding customer identification for those subject to the guidelines have hardly changed in the EU Directive, there is a new addition in the German transposition. The recognition of electronic signatures, which was already included in the eIDAS regulation, is now also taken into account in the money laundering legislation. In this respect, the German Federal Ministries of Finance and the Interior have the opportunity to work together to establish further requirements and to identify suitable and appropriate identification procedures.
In line with the risk-based approach, simplified due diligence obligations can also be applied to customer identification, provided that customers and products are determined to be low risk. The facilitations afforded allow those subject to the guidelines to reduce the due diligence obligations appropriately. In this respect (and in addition to full verification), Germany allows identification based on the customer’s identification documents, which must be of a strictly predefined form and consist of data and documents from reliable and independent sources. It will be interesting to see which procedures and data sources are considered to be permissible and appropriate.
The requirements for e-money institutions have also been adapted in connection to customer identification. If certain limitations and prerequisites are adhered to, there is no need for customer identification to be carried out. A key criterion determining permissibility is if there is limited availability of the means of payment. This was adjusted in the 4th AML Act. Previously, a maximum of €150 could be stored electronically and €2,500 could be turned over annually. However, it is now possible to store a maximum of €250 (€500 if the money is spent domestically). Furthermore, €250 can be turned over every month, and €2,500 every year.
In addition, e-money products are limited to the payment of goods and services in the 4th AML Act. This implicitly excludes the provision of P2P features.
Even in the case of these limitations, German regulation goes a step further: The simplified due diligence obligations are only applicable if a maximum of €100 is turned over on a monthly basis and the sum stored electronically does not exceed €100.
The more stringent regulation poses a risk for the business models of e-money providers based in Germany and provides a possible explanation for the fact that there are only six licensed e-money institutions in Germany, whereas companies such as Amazon, Facebook and Mercedes Pay have registered e-money institutions in other European counties (including Luxembourg and Ireland). These e-money institutions are no longer subject to German legislation, but still have equal access to the reference accounts of German customers through the Single European Payments Area (SEPA), just as e-money institutes based in Germany do.
Compliance with money laundering regulations is affecting a larger number of companies, and is becoming increasingly complex and tightly sanctioned. The transposing of the directive into national legislation is increasingly becoming a competitive factor within the diverse single market for payment transactions that is being created by the European Union.
Figure: Interpretation of the 4th Anti-Money Laundering Directive in Germany