Getting the balance right
The European Commission’s ambitious package to tackle money-laundering and terrorist financing, while welcome, raises concerns about its potential to undermine the principle of self-regulation of the legal profession, says Cormac Little.
Last July, the European Commission announced an ambitious package of proposals aimed at modernising the EU’s anti-money-laundering (AML) and countering the financing of terrorism (CFT) regime.
Building on its action plan published in 2020, the commission’s plans include the establishment of an EU AML Authority (AMLA), the introduction of a single EU rulebook for AML/CFT, plus the full application of these rules to the crypto sector.
The commission is also proposing a rethink on how potential AML/CFT infringements from outside the EU are addressed.
While the package’s attempt to strengthen the ability of EU member states to tackle money-laundering and terrorist financing is welcome, concerns have been raised regarding its potential to undermine the principle of self-regulation of the legal profession.
Harmonisation
The July 2021 package is comprised of four specific legislative proposals:
The commission has clearly identified difficulties with the current ‘decentralised’ system. In other words, current EU AML/CFT rules, contained in the fifth AML/CFT Directive, are not enforced in the same way from EU member state to EU member state.
The various diverging/fragmented national approaches to the implementation of this directive has led to gaps through which ill-gotten gains have flowed.
In theory, the commission hopes that the proposed harmonised rules will lead to a more level playing field and reduced compliance costs for designated persons with activities across two or more EU member states. (A designated person is subject to specific obligations under AML/CFT rules, including carrying out customer due diligence on clients/customers, in addition to reporting suspicious transactions to the police and other relevant authorities. Such designated entities include banks, life insurance companies, accountancy firms, tax advisors and law firms.)
AML Authority
The proposed AMLA has two main roles. Firstly, it is designed to be at the centre of an integrated new system of EU AML/CFT supervision. Secondly, the AMLA will be tasked with supporting national financial intelligence units (FIUs) – in Ireland, this will mean collaboration between the AMLA and the Garda National Economic Crime Bureau (the Irish FIU is embedded within the GNECB).
The commission intends the AMLA to become the centre of an integrated system of national supervisory authorities, with a view to encouraging cooperation and mutual support. In Ireland, AML/CFT supervisory authorities include the Central Bank of Ireland (for the financial services sector), the Minister for Justice (for various designated persons, such as trust and company service providers), and the Law Society of Ireland (for solicitors).
The AMLA will directly supervise a small number of select financial institutions, active in a significant number of EU member states, that are exposed to the highest risk of money-laundering and terrorist financing.
These institutions will be chosen based on objective criteria centred on harmonised risk categorisation and cross-border activity. The relevant list will be reviewed every three years.
The commission plans to select the first set of directly supervised institutions in 2025, with EU-level supervision taking effect the following year. If a financial institution is engaged in repeated infringements of AML/CFT rules, the AMLA may remove the relevant entity from national supervision, and place it under its direct supervision – irrespective of whether the relevant criteria are met.
In the non-financial sector, the AMLA will have a coordination role, promoting supervisory convergence and a common supervisory culture. The AMLA will have a wide range of powers, including the ability to adopt binding decisions, administrative measures, and pecuniary sanctions towards directly supervised entities.
The AMLA will be 25% funded from the EU budget, with the remainder being provided by the financial institutions under its supervision.
Single rulebook
The ‘single rulebook’ refers to a unified AML/CFT regulatory framework, which includes directly applicable AML/CFT rules and requirements on designated persons. This rulebook will be more specific and detailed than the sixth AML/CFT Directive, while no longer requiring transposition into national law. The commission expects that the single rulebook will take effect by the end of 2025.
Firstly, the new rulebook proposes several additions to the list of designated persons. These include crypto-asset service providers, crowdfunding service providers, and mortgage credit intermediaries/consumer credit providers (that are not currently financial institutions).
The commission also recommends the adoption of more detailed rules to clarify the type of information needed to identify beneficial owner(s). Furthermore, the single rulebook clarifies the existing requirement for legal entities to identify/verify their beneficial owners, while also elucidating their respective obligation to report that information to national beneficial ownership registers.
Thirdly, non-EU legal entities that have a link with the EU are required, under the single rulebook, to provide details of their respective beneficial ownership to the relevant registers. The proposed introduction of harmonised rules is hoped to improve the efficiency and accuracy of the available data. The single rulebook also includes new disclosure requirements for nominee shareholders/directors to counter any attempt to hide a beneficial owner’s identity.
The commission is also proposing the establishment of a cross-border system enabling FIUs to access information from other EU member states. A proposed amendment to the EU Directive on Access to Financial Information will ensure that law enforcement authorities can also access and search the system connecting bank-account registries.
This will allow them to identify whether a suspect holds bank accounts in other EU member states. This change is intended to facilitate asset recovery in cross-border cases.
Another key element of the single rulebook is the proposed introduction of a cap of €10,000 for cash transactions. Cash is obviously a preferred medium for criminals, since it can be very difficult to trace.
Large cash purchases allow the proceeds of crime to be ‘integrated’ into the financial system – this situation is already acknowledged by the fact that traders in goods that typically receive cash payments more than €10,000 are designated persons for the purposes of the EU’s fifth AML/CFT Directive and, therefore, must currently apply customer due diligence to their customers (among other obligations).
EU member states will be free to introduce a lower cap. Some have already done so. For example, there is a €500 cap on cash transactions in Greece.
Third countries
The commission is also proposing the implementation of an updated common framework to screen potential AML/CFT threats from third countries to the EU’s financial system. Both the commission and the AMLA will be tasked with identifying foreign threats to the EU’s financial system and, where relevant, warning the relevant supervisory authorities at member-state level.
Key elements of this proposal include the classification of third countries via autonomous EU or Financial Action Task Force (FATF) evaluation, whereas the levels of subsequent measures should be proportionate to the level of risks posed. (FATF is an intergovernmental organisation founded in 1989 on the initiative of the G7 group of countries to develop policies to combat money-laundering.)
If there are serious shortcomings in a third country’s AML/CFT framework, it will be placed on a ‘blacklist’ by the commission. A third country being ‘subject to a call for action’ by the FATF will have the same effect as being put on the commission’s ‘blacklist’. Third countries will be designated ‘grey-list’ status for less serious AML/CFT shortcomings.
Cryptocurrencies
The commission intends that EU AML/CFT rules should apply in full to the crypto sector. The proposed extension of the application of the EU’s 2015 Regulation on Transfer of Funds to crypto-assets significantly enhances the capability of EU member states to monitor crypto-asset service providers, while also increasing the latter’s regulatory compliance obligations.
The single rulebook extends the existing requirements for wire transfers to the activities of crypto-asset service providers.
The proposed adoption of the Markets in Crypto Assets (MiCA) Regulation will introduce increased requirements for issuers of crypto-assets and crypto-asset service providers based in the EU.
These will include authorisation being compulsory for entities to provide crypto services in the EU and a ban on opening or using anonymous crypto-asset accounts, allied to an obligation on service providers to collect and make accessible to relevant authorities any data on the originators and beneficiaries of the transfers of the virtual or crypto-assets they operate.
The MiCA is intended to help EU member states identify suspicious crypto transactions and, if necessary, block them.
The commission hopes that the MiCA (and other proposals) – while admittedly increasing the relevant regulatory burden – should enhance the reputation, rather than undermining the growth, of the crypto-asset sector in the EU.
Digital-identity solutions
The commission is also seeking to implement a robust framework enabling the safe use of digital-identity solutions throughout the EU.
The proposed changes relating to the AML/CFT framework (such as a European digital identity) and the introduction of increased security requirements through the imposition of new technical standards are intended to increase cross-border digital interaction between EU member states and provide improved security for businesses and EU citizens alike.
Legal profession
While the July 2021 package provides the basis for more robust and consistent EU rules to combat money-laundering and terrorist financing, and should thus be welcomed, bar associations and law societies throughout the EU are, nevertheless, concerned regarding the potential negative impact on the principle of the self-regulation of the legal profession.
The package introduces three levels of supervision for entities outside the financial sector. Firstly, self-regulated bodies act as the supervisors of independent legal professionals.
Secondly, article 38 of the proposed sixth AML/CFT Directive requires EU member states to establish supervision of self-regulated bodies by a national authority – this power of oversight includes the power to issue an instruction to remedy any failure to perform supervisory functions.
Thirdly, the AMLA may, under article 32 of the proposed AMLA Regulation, issue a formal opinion to a national authority supervising a self-regulated body and/or, in extremis, an individual decision to self-regulated bodies to remedy any relevant compliance issue.
By potentially giving AMLA and national authorities the power to intervene in specific cases, the changes suggested by the commission undermine the fine balance between the independence of the legal profession and the need to combat money-laundering and terrorist financing. Indeed, the commission has not produced any evidence to show that supervision by the AMLA would be more efficacious than national-level supervision by bars and law societies.
Access to quality independent legal advice for all natural and legal persons is an intrinsic element of the justice system in a democracy. Denying such access undermines the rule of law. Introducing the right of AMLA and/or national supervisors to oversee compliance of law firms with their relevant AML/CFT obligations is, therefore, a step in the wrong direction.
Read and print a PDF of this article here.
Cormac Little
Cormac Little SC is head of the competition and regulation unit of William Fry LLP and a member of the Law Society’s EU and International Affairs Committee.