COMMISSION STAFF WORKING DOCUMENT

Accompanying the documents Proposal for a Directive of the European Parliament and of the Council on the prevention of the use of the financial system for the purpose of money laundering, including terrorist financing

and

Proposal for a Regulation of the European Parliament and of the Council on information accompanying transfer of funds

Contents

I.            Introduction. 5

II.           Procedural Issues and Consultation of Interested Parties. 6

II.1.         Procedural issues. 6

II.2.         External expertise and consultation of interested parties. 6

Box 1:     Results of the Commission's public consultation. 8

III.         Policy context, Problem definition and Subsidiarity. 8

III.1.       Background and context 8

III.1.1.     The nature of the problem of Money Laundering and Terrorist Financing. 8

III.1.2.     Nature and size of the market concerned. 9

III.1.3.     Main stakeholders affected by Money Laundering and Terrorist Financing. 9

III.1.4.     Impact of Money Laundering and Terrorist Financing. 10

III.2.       Overview of legislative framework. 11

Box 2:     Overview of the main legal instruments in the field of AML/CFT. 11

III.3.       Problem definition. 12

III.3.1.     Quantification of Money Laundering and Terrorist Financing. 12

Box 3:     Estimating the costs of mounting terrorist attacks. 13

III.3.2.     Areas most affected by Money Laundering and Terrorist Financing. 13

III.4.       Problem Drivers. 16

III.4.1.     Problem Driver 1: the existing rules are inconsistent with the recently revised international AML/CFT standards  16

Box 4:     Main Changes to the International Standards to combat Money Laundering and Terrorist Financing  17

III.4.2.     Problem Driver 2: the existing EU rules are differently applied across Member States leading to reduced legal certainty. 22

Box 5:     Different approaches to the calculation of the 25% beneficial ownership threshold in EU Member States  23

Box 6:     Different levels of compliance with the international standards across EU Member States. 24

III.4.3.     Problem Driver 3: Inadequacies and loopholes with respect to the current EU rules. 24

III.5.       Baseline scenario – How will the problem evolve without action?. 27

III.6.       Problem Tree. 29

III.7.       The EU's right to act and justification. 30

IV.          Objectives. 32

V.           Policy Options: Description, Comparison and Impacts. 34

V.1.        Summary Description, Assessment and Comparison of the Main Policy Options. 34

V.2.        Main Policy Options Relating to the Operational Objectives. 35

VI.          Analysis and quantification of Impacts. 43

VI.1.       Compliance costs of the existing framework. 43

VI.2.       Measuring Administrative Burden under the existing framework. 44

VI.3.       Compliance Costs resulting from the changes to the framework. 45

VI.4.       Impacts of the Framework on Stakeholders. 50

VII.        Analysis of other impacts. 53

VII.1.      Impact on fundamental rights. 53

VII.2.      Impacts on Small and Medium-Sized Enterprises (SMEs) 54

VII.3.      Environmental impacts. 56

VII.4.      International aspects. 56

VII.4.1.   International  Standards. 56

VII.4.2.   Third Country Equivalence. 56

VII.4.3.   Competitiveness of EU.. 57

VIII.       Overall impacts of the package. 57

VIII.1.     Impacts of the preferred policy options. 57

VIII.2.     Coherence with other EU initiatives. 59

IX.          Monitoring and Evaluation. 60

X.           Annexes. 62

ANNEX I: Glossary. 62

ANNEX II: The Development of EU and International Policies to Combat Money Laundering and Terrorist Financing  67

ANNEX III: Detailed Assessment of Policy Options. 70

ANNEX IV: Costs of Compliance with the Third AMLD by Cross-Border Banking Groups. 104

ANNEX V:Sector by Sector Analysis of Impacts. 110

V.1.        The Banking Sector 110

V.2.        The Payments Sector 111

V.3.        The E-Money Sector 112

V.4.        Accountants and External auditors. 113

V.5.        The insurance Sector 114

V.6.        Lawyers/notaries. 116

V.7.        The gambling sector 117

V.8.        Real estate sector 118

ANNEX VI: Membership of FATF and Moneyval 120

ANNEX VII: Efforts to measure effectiveness of AML measures by the Commission. 122

ANNEX VIII: Comparison of EU Member States' sanctions and penalties for non-compliance with AML/CFT rules  123

ANNEX IX: Comparison of EU Member States' rules implementing AML rules to casinos and the gambling sector 130

I. Introduction

This impact assessment has been prepared with a view to the revision of the Anti-Money Laundering framework[1].

Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (hereinafter referred to as the Third AMLD), sets out the framework designed to protect the soundness, integrity and stability of credit and financial institutions (FIs) and confidence in the financial system as a whole, against the risks of money laundering (ML) and terrorist financing (TF).

The objective of Regulation EC 1781/2006 on information on the payer accompanying transfers of funds (hereinafter referred to as the Fund Transfers Regulation) is to enhance the transparency of fund transfers of all types, domestic and cross-border, in order to make it easier for law enforcement authorities to track funds transferred electronically by terrorists and criminals.

The EU rules are to a large extent based on international standards adopted by the Financial Action Task Force (FATF)[2]. They have been adapted to fit to an EU context and, as the EU Directive follows a minimum harmonisation approach, the framework has been completed by rules adopted at national level[3].

The FATF has undertaken a fundamental review of the international standards, which culminated in the adoption of a new set of recommendations in February 2012[4], and which place an increased focus on the effectiveness of regimes to counter money laundering and terrorist financing. In parallel to the international process, the European Commission has undertaken its own review of the European framework. This review has comprised an external study published by the Commission on the application of the Third AMLD (hereafter the Deloitte study)[5], extensive contacts and consultations with private stakeholders and civil society organisations[6], as well as with representatives of EU Member State regulatory and supervisory authorities and Financial Intelligence Units (FIUs).

The results of the Commission's review were set out in a Report to the European Parliament and Council[7] adopted in April 2012. The Report analysed how the different elements of the existing framework have been applied and considered how the framework may need to be changed. The responses to the ensuing public consultation have indicated a need to introduce clarifications or refinements in a number of areas. A revision of the Directive would in any case have been needed in order to update it in line with the revised FATF Recommendations, which in themselves represent a substantial strengthening of the AML/CFT framework.

The constantly changing nature of money laundering and terrorist financing threats, driven by the limitless ingenuity of criminals coupled with constant technological evolution of delivery channels, necessitates the periodic review, and where necessary revision, of the legal framework designed to counter such threats.

II. Procedural Issues and Consultation of Interested Parties II.1. Procedural issues

The preparation of this impact assessment has involved close coordination across Commission services. An Inter Service Steering Committee (ISSC) on AML was set up in January 2012, to discuss initially the draft application report, and subsequently to discuss the preparation of the impact assessment. The ISSC comprised the following services: MARKT, HOME, JUST, SG, TAXUD, SJ, FPI, and ENTR. The ISSC met on 4 occasions.

Work on the IA began in March 2012 and has been conducted over a period of five months. The IA was submitted to the Impact Assessment Board on 27 July and discussed on 5 September. The Minutes of the last ISSC meeting were submitted to the IAB.

The comments received from the IAB resulted in the following main changes:

· Additional information has been included in the problem definition regarding important differences between certain aspects of Member States' anti-money laundering frameworks (with respect to different approaches to identification of the beneficial owner, different thresholds applied for cash transactions, differences between national penalty regimes for non-compliance with AML rules and the differences in application of AML rules to the gambling sector – beyond casinos);

· Further information has been added with respect to the main changes at international level;

· The presentation of objectives and analysis of policy options has been simplified;

· The analysis of impacts on SMEs has been strengthened;

· The chapter dealing with analysis and quantification of impacts has been strengthened, incorporating more data and in particular including a specific analysis of administrative burdens;

· Explanations have been provided regarding the choice to lower the threshold for cash transactions from €15,000 to €7,500;

· An explanation has been included as to why the delay for responses to the Commission's application report was set for a period shorter than the 12 week minimum standard for public consultation.

II.2. External expertise and consultation of interested parties

The Commission services have made substantial efforts to obtain evidence in this field and to ensure full engagement of the different stakeholders:

· Over the course of 2010, a study by external consultants Deloitte was carried out on behalf of the Commission to look into the application of the Third AML Directive. The study involved an extensive consultation of various stakeholders.

· Member State regulators have been closely associated throughout the process with the work to prepare revisions to the legislative framework through the Committee for the Prevention of Money Laundering and Terrorist Financing (CPMLTF).

· Member State supervisors have made important contributions via the European Supervisory Authorities’ (ESAs) Anti Money Laundering Committee[8]. In particular, in 2011 they produced two important studies on beneficial ownership[9] and simplified due diligence[10].

· Representatives of Member State Financial Intelligence Units (FIUs) have been associated with the preparation of the legislative texts, and have via the FIU platform[11] in particular contributed ideas on how cooperation between FIUs could be improved, as well as how to strengthen available tools and powers.

· Over the course of 2011-2012, the Commission organised two private sector stakeholder meetings[12] in order to discuss issues in relation to the preparation of its application report on the Third AMLD[13], and the followed these up with a number of bilateral or sectoral meetings with private stakeholder groups and civil society organisations. Participating stakeholders included representative European organisations in the banking, insurance, payments, e-money, accountancy, real estate, legal and gambling sectors. Also invited were representatives of various civil society organisations who had expressed clear interest in money laundering/terrorist financing issues. The Commission also carried out a written consultation of private stakeholder and civil society representatives between 11 April and 13 June 2012, the main results of which are described in Box 1[14].

Box 1: Results of the Commission's public consultation

In April 2012, the Commission adopted a report on the application of the Third AMLD, and solicited comments from all stakeholders on its considerations.  

In particular,  the report focused on a number of identified key themes (including application of a risk-based approach, extending the scope of the existing framework, adjusting the approach to customer due diligence, clarifying reporting obligations and supervisory powers, enhancing FIUs co-operation etc.), which are central to the review of the Third AMLD. In addition, the annex to the report addressed a closely related matter, namely cross-border wire transfers. 

During the consultation period the Commission received 77 contributions[15] from public authorities, civil society, business federations and companies in several fields (including financial services, gambling sector, liberal professions, real estate sector, trust and company service providers), representing a broad variety of stakeholders. Replies came from 15 EU Member States and from some countries outside the EU (e.g. Jersey). 21 of the 77 replies, i.e. 27%, were provided by pan-European organisations.

The overall results of the consultation point to a general confirmation of the issues and problems highlighted by the Commission's Report, as well as broad support for the proposed alignment to the revised FATF standards and for greater clarification in particular in the areas of data protection and how to apply the rules in cross-border situations. Analysis of the responses reveals a diversity of opinions, which reflect the different categories of respondents. However, the industry most directly concerned by AML compliance generally welcomed this review as an opportunity to improve the effectiveness of the AML/CFT regime. Civil society organisations have responded with similar views. The feedback statement is available at the following address: http://ec.europa.eu/internal_market/company/docs/financial-crime/072012_feedback_statement_en.pdf

III. Policy context, Problem definition and Subsidiarity III.1. Background and context III.1.1. The nature of the problem of Money Laundering and Terrorist Financing.

Money laundering and terrorist financing are often subject to the same legislation. However, although the two concepts might share many elements, their defining features are quite different.

· Money laundering concerns activities related to assets which have a criminal or illicit origin. Criminals engaged in money laundering will therefore attempt to conceal or disguise the true nature, source or ownership of the assets in question and transform them into seemingly legitimate proceeds. If dirty money is allowed to flow through the financial system, the stability and reputation of the financial sector can be seriously jeopardised - which in turn could undermine the integrity of the single market.

· Terrorist financing on the other hand concerns the provision or collection of funds to carry out any of the offences defined in Council Framework Decision 2002/475/JHA on combating terrorism.  Terrorist activities can be funded through legitimate as well as criminal activities and terrorist organisations engage in revenue-generating activities which in themselves may be, or at least appear to be, legitimate. There is a clear risk to the integrity, proper functioning, reputation and stability of the financial system, and with potentially devastating consequences for the broader society.

III.1.2. Nature and size of the market concerned

Obligations stemming from the EU's Third AMLD are applied not only by financial institutions (banks, insurance companies, the securities sector, etc.), but the framework extends beyond the traditional financial sector and covers gatekeepers of the financial system (auditors, external accountants, tax advisors, notaries, lawyers, real estate agents, casinos). Together, the combined sectors falling under the scope of the AML/CFT regime amount to nearly 10 million employees.

Compliance with AML/CFT rules has significantly different impacts according to the type of obliged entity. Large multi-national financial institutions may employ hundreds of thousands of staff, but there are also many small and medium-sized financial institutions, often active only at a local/domestic level. Persons working in the professional business services sector (lawyers, notaries, accountants, auditors, etc.) may be part of large cross-border groups, or may work as independent professionals in small offices. The ML/TF risks associated with each business, and consequently the compliance burdens resulting from application of AML/CFT rules, will vary in accordance with the type of activity, the type of client and the geographical location[16].

In view of these differences between sectors, it is not possible to provide general data regarding how many staff work on compliance issues, and how many of those are specifically engaged in AML/CFT compliance. Some indications as to the costs of compliance are provided in Annex V on a sector by sector basis, along with additional background information including a general description of each sector as well as some typologies of money laundering and terrorist financing.

III.1.3. Main stakeholders affected by Money Laundering and Terrorist Financing

Table 1 Main stakeholders affected by Money Laundering, Terrorist Financing and the necessary countermeasures (under the baseline scenario)

Who is affected? || How?

1. Obliged entities || · Credit and Financial institutions · Auditors · External accountants · Tax advisors · Notaries · Independent legal professionals (involved in transactions) · Trust or company service providers · Real estate agents · Casinos · Other natural/legal persons trading in goods when cash payments >€15,000 || They are required to implement the rules, identify and verify the customer, the beneficial owner, understand the nature of the business relationship, conduct ongoing monitoring of the business relationship, file suspicious reports to FIUs, maintain records, and comply generally with the rules set out in the EU framework.

2. Public authorities || · Regulators · Supervisors · Financial Intelligence Units · Law enforcement || They are required to implement and enforce the rules and protect the system against criminal/ terrorist abuse

3. Customers || Customers of the obliged entities (banks, financial institutions, auditors, etc.) || They bear the burden of increased controls, reduced access to and increased cost of services.

4. Business || Business community in general || While increased controls and restrictions may complicate business transactions, an absence of effective AML/CFT regimes would increase risks associated with money laundering and terrorist financing – which would in turn be harmful to business interests

5. Perpetrators || Criminals, terrorists, corrupt Politically Exposed Persons (PEPs) || Are prevented from abusing the financial system, or can be traced and caught as a result of the measures in place. However they are also quick to exploit any potential loopholes in the system.

6. EU Victims || EU Society/citizens || Need to be protected from terrorist attacks, increased criminality, loss of welfare resulting from corruption, tax evasion, damage to market integrity, trust, etc.

7. Non EU Victims || Society/citizens/governments in third countries || Need to be protected against the EU financial system being used as a channel for illicit proceeds drained away from the local economy as a result of corruption and criminality.

III.1.4. Impact of Money Laundering and Terrorist Financing

There is a general consensus globally and across political spectrums that immense damage can result if financial systems are insufficiently protected from criminal or terrorist abuse. In particular, systems which fail to prevent money laundering and terrorist financing expose themselves to:

· societal risk, stemming from the feedback of criminal and terrorist funds into criminal and terrorist activities;

· negative economic impacts, arising from disruptions to international capital flows, reduced investment and lower economic growth;

· financial market instability, resulting from reluctance of other financial intermediaries to engage in business, loss of reputation, drop in confidence and prudential risks.

III.2. Overview of legislative framework

EU legislators have put in place a preventative framework to combat money laundering and terrorist financing. The rules are to a large extent based on international standards, adapted to fit into an EU context. They are completed by rules adopted at national level:

Box 2: Overview of the main legal instruments in the field of AML/CFT

Directive 2005/60/EC (the "Third AMLD"):

· Prohibits money laundering and terrorist financing, and defines the types of conduct which are considered to constitute such offences. The Directive also defines the types of underlying criminal activity (i.e. the "predicate offence") which gives rise to the offences of money laundering or terrorist financing;

· Imposes an obligation on the "obliged entities"[17] to conduct "customer due diligence, (i.e. to carry out checks on customers in order to verify their identity, the identity of the beneficial owner[18], to understand the nature of the business relationship and to ensure that it is monitored on an ongoing basis). Should the obliged entity or person have knowledge or suspicion that money laundering or terrorist financing is being or has been committed, or attempted, they must promptly inform the Financial Intelligence Unit;

· Permits certain derogations from customer due diligence[19], by allowing for simplified procedure in certain listed cases[20]. Obliged entities must at least gather sufficient information to establish if the customer qualifies for Simplified Customer Due Diligence (SDD);

· Requires enhanced customer due diligence measures, for situations where there is a higher risk of money laundering or terrorist financing, such as where the customer has not been physically present for identification purposes, in the case of cross-border correspondent banking relationships with respondent institutions from third countries, and in the case of politically exposed persons residing in another Member State or a third country.

Directive 2006/70/EC (the "implementing Directive") lays down implementing measures for Directive 2005/60/EC as regards the definition of politically exposed person and the technical criteria for simplified customer due diligence procedures and for exemption on grounds of a financial activity conducted on an occasional or very limited basis.

Regulation 1781/2006 on information on the payer accompanying transfers of funds: requires information on the payer to accompany transfers of funds, with the objective of ensuring prevention, investigation and detection of money laundering and terrorist financing. The Regulation covers all types of fund transfers carried out by electronic means in any currency, from a payer to a payee, which are sent or received by a Payment Service Provider (PSP) established in the EU (Art. 3.1). This is in order to make it easier for law enforcement authorities to track funds transferred electronically by terrorists and criminals.

A number of additional instruments which complete the framework are described in Annex II.

III.3. Problem definition III.3.1. Quantification of Money Laundering and Terrorist Financing

Given the illicit and hidden nature of money laundering and terrorist financing activities, no definitive figure can be provided which would accurately quantify the amounts processed by criminals for these purposes. As definitions differ as to which criminal activities (e.g. tax evasion) are considered "predicate offences" for money laundering purposes, comparison across countries can also be very difficult.

In recognition of the importance of providing policy-makers with better intelligence about the dimension of the problem, there have been efforts by international organisations to conduct research attempting to quantify the total amounts laundered across the globe. While any estimate must of course be treated with an appropriate degree of caution, there is general agreement that the amounts involved are very considerable.

The most widely quoted research dates back to the 1990s, when the International Monetary Fund (IMF), published a broad ranging estimate which quantified money laundering to be in the region of 2-5% of global GDP. In an EU context, if this range were extrapolated to the present day, with total EU GDP amounting to € 12.27 trillion, it could be assumed that the amount of money laundered funds was somewhere between € 245-613 billion (assuming an even distribution of money laundering globally).

More recent research has been published by the United Nations Office on Drugs and Crime[21]. The findings, which are broadly in line with the earlier IMF estimates, suggest that all criminal proceeds are likely to have amounted to some 3.6% of GDP or around US$ 2.1 trillion in 2009, with an estimated amount available for money laundering equivalent to some 2.7 % of global GDP, amounting to some US$ 1.6 trillion.  With similar assumptions as above, the amount of money laundered annually in the EU could be estimated at around € 330 billion.

While the complex research methods used to calculate global amounts of money laundering can be contested and should not constitute a sole nor definitive basis for policy responses, more concrete illustrations of the vast sums at stake can be found in real life cases where money laundering has actually been detected, and where the facts are not open to dispute. Cases are many and varied, ranging from small scale operations, to huge schemes involving multi million or even multi billion euro amounts. The scale of money laundering uncovered in the case of Wachovia[22] (to date, the largest case of money laundering ever detected - see Annex V.1), serves as an important warning of the consequences that can arise in the event of a breakdown of AML defence mechanisms.

With respect to Terrorist Financing, no equivalent estimates of the overall amount of terrorist financing exist. According to a report of the UK House of Lords in 2009, however, the mounting of terrorist operations appears – in contrast to the sums of money involved in money laundering – to involve much smaller amounts[23], while the detrimental impact they cause on society, on the economy and on security can be enormous, far exceeding the costs of mounting operations.

Box 3: Estimating the costs of mounting terrorist attacks[24]

Maintaining a terrorist network, or a specific cell, to provide for recruitment, planning, and procurement between attacks represents a significant drain on resources. A significant infrastructure is required to sustain international terrorist networks and promote their goals over time.

Nevertheless the direct costs of mounting individual attacks have been low relative to the damage they can yield, both financial and in terms of their societal impact. The only costs involved in domestic terrorism are those incurred in training and recruitment and the commission of the attacks.

For example, the 2005 London bombings were estimated to have cost just £8.000 (€ 10,000) sterling and Madrid train bombings costs were estimated to be $10.000 (€ 8,050).

Although the CIA estimated that Al-Qaeda had an annual budget of $30 million (€ 24 million) prior to 9/11 attacks in New York City, the total cost related to the preparation and execution of the attacks themselves was estimated to be no more than $500.000. (€ 400,000)

The vastly different sums of money implicated in money laundering and terrorist financing pose a particular challenge for regulators, financial institutions and gatekeepers of the financial system – on the one hand, vigilance is called for to keep the system safe against the possibility that it is used for the laundering of massive amounts of criminal proceeds, whilst on the other hand, mechanisms are needed to detect even the smallest amounts which might be used for terrorist purposes.

III.3.2. Areas most affected by Money Laundering and Terrorist Financing

The fight against money laundering has evolved over time. While the initial focus targeted the illicit proceeds of the drugs trade, the scope of crimes targeted by the AML/CFT framework has been progressively broadened to include the proceeds of fraud, corruption, and other crimes. The current EU framework takes an "all serious crimes" approach, and includes within its scope all other criminal offences which carry a punishment of imprisonment based on a mixture of maximum and minimum thresholds[25].  

Similarly, while the framework initially included only credit and financial institutions, it has since been broadened to reflect the fact that other "gatekeepers" have an important role to play in preventing the system from being abused by criminals and terrorists. Money laundering can take many different forms, and beyond the banking sector, money laundering schemes have been detected involving lawyers, the real estate sector, the gambling sector, the insurance business – indeed all the sectors targeted by the legislative framework. Examples of money laundering according to each sector have been included in Annex V.

While it is difficult to provide estimates of the extent to which the various sectors are affected by money laundering, for the reasons described in the previous section, information is available about the extent to which the different sectors are filing reports. As with all data in this area, the figures must be treated with caution: the concept of a "suspicious transaction or activity report" can differ substantially across jurisdictions, as do the types of crime which give rise to a money laundering offence; the nature of the business relationship with a customer will also have an impact on the likelihood of reports being generated (each day, banks may be monitoring millions of  transactions, while a lawyer or an accountant may only deal with a handful of clients); and given that financial institutions have been covered by the framework for considerably longer than other obliged entities, they have had more time to develop the experience and the systems to detect suspicious cases.

The following table is taken from the Commission's publication Money Laundering in Europe[26] and indicates the number of suspicious reports generated per sector in 2008. By far the largest number of filings are made by credit institutions and money transfer institutions. Reports from the non-financial sector are on the other hand much smaller by comparison, although there can be substantial variations across Member States.

Table 2 Suspicious transaction reports according to sector

III.4. Problem Drivers

The challenge for the AML/CFT framework is to ensure that the EU rules – and their enforcement – keep pace with evolving trends, developments in technology and the seemingly limitless ingenuity of criminals to exploit any gaps or loopholes in the system. The EU has in the past been at the forefront of the fight against money laundering and has set high standards for its framework. However, while that framework is designed to keep the system safe from criminal infiltration, there are unfortunately still many cases of money laundering (both in the EU and across the globe) which provide evidence that the problem of money laundering continues to plague the financial system[27]: it is a fair assumption that the cases identified represent only the tip of a very large iceberg. According to the October 2011 United Nations Office on Drugs and Crime (UNODC) study[28], the amount of funds intercepted by law enforcement is estimated to amount to less than 1% of the total funds laundered, and actual seizures amounted to less than 0.2%[29].

Assessing the extent to which countries' AML/CFT regimes may or may not be effective in safeguarding the system from money laundering or terrorist financing is complex. Some systems may encounter very low levels of corruption, and thus face reduced pressures to combat the problem. Other countries may be effective in facing up to ML/TF threats by having in place robust preventive and dissuasive measures which ensure that the number of cases of money laundering remains low. On the other hand, it may also be the case that countries faced with high risks of money laundering, but which have in place and weak preventive and enforcement systems, will be less able to identify and catch money laundering activity. Such considerations mean that any attempt to establish a link between non- or poor compliance with AML rules and higher incidences of recorded ML/TF cases will always remain problematic and can be misleading.

III.4.1. Problem Driver 1: the existing rules are inconsistent with the recently revised international AML/CFT standards

AML/CFT standards are agreed internationally and all EU Member States undergo a rigorous assessment process to ensure that their national legislation is in compliance[30].

In February 2012, new international standards were adopted by the FATF which are intended to enable national authorities to take more effective action against money laundering and terrorist financing at all levels – from the identification of bank customers opening an account through to investigation, prosecution and forfeiture of assets. They also better address the laundering of the proceeds of corruption and tax crimes and strengthen the requirements for higher risk situations and allow countries to take a more targeted risk-based approach.[31]

Box 4:          Main Changes to the International Standards to combat Money Laundering and Terrorist Financing

There are many detailed changes resulting from the revision of the FATF standards which will require careful and detailed implementation into EU and national legal frameworks. The most significant changes for the purposes of this impact assessment are as follows:

Strengthening the risk-based approach: countries more at risk of money laundering or terrorist financing will need to do more than those less at risk. Countries need first to clearly understand the money laundering and terrorist financing risks which affect them, and adapt their Anti Money Laundering/Counter Financing of Terrorism (AML/CFT) system to the nature of these risks – with enhanced measures where the risks are higher and the option of simplified measures where the risks are lower.

Improving Transparency measures: the new standards have strengthened transparency requirements, requiring that there is reliable information available about the ownership and control of companies, trusts, and other legal persons or legal arrangements. More rigorous requirements on the information which must accompany electronic funds transfers will also be required. Measures to improve transparency, implemented on a global basis, will make it harder for criminals and terrorists to conceal their activities.

Towards more effective International Cooperation: With the increasing globalisation of money laundering and terrorist financing threats, the FATF has also enhanced the scope of international cooperation between government agencies (e.g. simplified extradition mechanisms), and between financial groups. The revised Recommendations will allow more effective exchanges of information, tracing, freezing, confiscation and repatriation of illegal assets.

Identification of clear Operational Standards: the FATF Recommendations concerned with law enforcement and Financial Intelligence Units have been expanded significantly. The revisions clarify the role and functions of the operational agencies responsible for combating money laundering and terrorist financing; and set out the range of investigative techniques and powers which should be available to them.

New threats & new priorities to be covered: The FATF also addresses new and aggravated threats and responds to the priorities set out by the international community, e.g. through the G20, in particular:

· Corruption & Politically Exposed Persons - i.e. people who may represent a higher risk of corruption by virtue of the positions they hold. The requirement to apply enhanced due diligence to foreign politically exposed persons has been expanded with new recommendations also applying to domestic politically exposed persons and international organisations.

· Tax Crimes - The list of predicate offences for money laundering has been expanded to include tax crimes. Tax crimes are brought within the scope of the powers and authorities used to combat money laundering.

· Terrorist Financing – the FATF recommendations strengthen the requirements for tracking wire transfers, notably through the inclusion of information on the beneficiary in addition to the payer with the wire transfer. The scope for exemptions from the rules has been reduced.

There is a strong incentive on jurisdictions to correct inconsistencies with the international standards. Full compliance can send an important reputational signal which is vital for countries seeking to attract foreign investment. Non-compliance, on the other hand, is subject to an attentive follow-up process by the FATF or Moneyval. Persistent non-compliance can lead to inclusion in one of the FATF’s Public Statements, which identify:

· Jurisdictions that have strategic AML/CFT deficiencies and to which counter-measures (e.g. entailing a need to apply enhanced customer due diligence to persons and institutions situated in those jurisdictions, etc…) apply and; 

· Jurisdictions with strategic AML/CFT deficiencies that have not made sufficient progress in addressing the deficiencies or have not committed to an action plan developed with the FATF to address the deficiencies.

Inclusion in the FATF public statement can entail political and reputational damage for a country's financial sector leading to consequential economic costs resulting from loss of business, and can prove costly to remedy[32].

It is therefore essential to swiftly proceed with a revision of the EU framework to take account of the recent changes to the international standards. In particular, the EU framework is not, or is no longer compliant in the following key areas:

· Risk-based approach: the risk-based approach allows countries and obliged entities and persons to adopt a more flexible set of measures in order to comply with certain Recommendations. This helps them to target their resources more effectively and apply preventive measures that are commensurate to the nature of risks, in order to focus their efforts in the most effective way. Although the Third AMLD already includes some elements of a risk-based approach (e.g. in the case of CDD and risk-based supervision), the new FATF standards will broaden its application. In future, countries will be obliged, via a national risk assessment, to identify, assess and understand ML/TF risks, and to apply resources to mitigate those risks. There is also an acknowledgement that AML/CFT risk assessments at a supranational level should be taken into account, and that supervisors should apply a risk-based approach to supervision, based on their understanding of the ML/FT risks present in the country and within the entities they supervise.

· Scope: The new FATF standards have included “tax crimes (related to direct taxes and indirect taxes)” as a predicate offence[33], meaning that (at least serious) cases of tax evasion should in the future give rise to a money laundering offence, with a view to facilitating international cooperation and criminal prosecution. Although the Third AMLD[34] already sets out a range of “serious crimes” that are considered to be criminal activities, it does not specifically mention tax crimes[35].

· Customer Due Diligence (CDD): the application of the risk-based approach in the new FATF standards will require a more nuanced approach to the way in which situations requiring different levels of CDD are assessed. The current EU framework is based on a more prescriptive approach with respect to those areas to which enhanced due diligence (EDD) and simplified due diligence (SDD) must be applied. The increased emphasis on the risk-based approach in the revised standards reinforces arguments that the current EU approach needs to be changed.

· Politically Exposed Persons (PEPs): PEPs[36], under the new international standards, are persons who have been entrusted with prominent public functions by foreign countries, or domestically, or by an international organisation. The current approach in the Third AMLD is to require EDD measures in the case of PEPs residing in another Member State or in a third country. The new international standards now introduce risk-based requirements for domestic PEPs, so that in future the new standards will apply different levels of obligation in respect of foreign and domestic PEPs, both as customers and beneficial owners of customers.

· Beneficial Owners (BO): Under the Third AMLD, the BO means the natural person(s) who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted. Private stakeholders have expressed concerns that the existing EU rules[37] are in practice difficult to apply, and have called for further clarity and better access to information. The revisions to the international standards provide some additional clarity by setting out an approach for identifying and verifying beneficial ownership. The Commission’s EU Internal Security Strategy (ISS)[38] also emphasises that understanding the criminal source of finances and their movements depends on information about the owner of the companies, as well as the trusts that those finances pass through. The ISS therefore proposes that the EU should consider, in the light of discussions with its international partners in the FATF, revising the EU AML/CFT legislation to enhance the transparency of legal persons and legal arrangements.

· Third Country Equivalence: The Third AMLD allows lighter CDD measures to be applied in the case of credit and financial institutions situated in EU/EEA countries. These lighter measures are extended to institutions situated in third countries which impose AML requirements considered to be "equivalent" to those laid down in the Directive. In order to co-ordinate their approach on equivalence, Member States have agreed on a regularly updated list of "equivalent third countries" in accordance with a Common Understanding on the Procedures and Criteria for the Recognition of Third Countries' Equivalence[39]. However the increased importance of the risk-based approach in the revised FATF Recommendations calls into question whether, going forward, the equivalence regime will remain appropriate at EU level.  Given that country risk in the revised FATF Standards is only one of a number of factors[40], the continued relevance and usefulness of the equivalence list has been questioned.

· Cross-border wire transfers: the EU has fully implemented the existing FATF standards via a separate Regulation (1781/2006). This Regulation has the objective of making it easier for law enforcement authorities to track funds transferred electronically by terrorists or criminals by imposing obligations on ordering, intermediary and beneficiary financial institutions. The new FATF standards in particular include a requirement to include information about the beneficiary in wire transfers, and limit the possibility for exemptions from the information requirements (e.g. in the case of E-Money and mobile telephony fund transfers) There are specific obligations on money or value transfer service providers (MVTS), in particular a requirement to file a Suspicious Transaction Report (STR) in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Financial Intelligence Unit.

Table 3 Summary of the main inconsistencies between the new FATF standards and current EU legislation

Drivers || New FATF standards || Current EU legislation

Risk-based approach || Introducing national risk assessments and tailoring national approaches to the different types of risks faced. Greater emphasis on risk-based supervision. Greater emphasis on risk-based approaches for obliged entities. || · No requirement for national risk assessments, nor for coordination among EU Member States, nor for the development of supranational risk assessments · EU legislation will need to be adapted to more broadly apply risk-based approaches

Scope || Tax crimes now explicitly give rise to money laundering offence. || · EU legislation does not explicitly list tax crimes as a money laundering offence.

Customer Due Diligence || A more nuanced approach to the way in which situations requiring different levels of CDD are assessed is required. Need to consider a range of risk factors (e.g. customer risk, geographical risk, and product, service or delivery channel risk factors). || · EU legislation is currently prescriptive with respect to situations requiring/permitting SDD or EDD. · EU legislation currently lists possible exemptions from SDD.

Politically Exposed Persons || New risk-based requirements to identify domestic PEPs and PEPs working for an international organisation. The new standards will require obliged entities to ascertain whether the beneficiary of a life insurance policy is a PEP || · EU legislation currently only addresses foreign PEPs · EU legislation requires application of EDD measures for PEPs residing in another MS or a third country (not in conformity with standards) · EU legislation imposes a one year time limit after which persons who have ceased to be entrusted with a prominent function are no longer considered PEPs (not in conformity with standards), · EU legislation stipulates that “senior management approval” means the immediate higher level of the hierarchy of the person seeking the approval – this may not be appropriate in all cases.

Beneficial Owners || The new international standards set out an approach for identifying and verifying beneficial ownership, with measures aimed at finding a natural person with a controlling ownership interest, or (if none can be found or if there are doubts that the person with the controlling ownership interest is the beneficial owner) the natural person exercising control through other means. || · EU legislation requires identification by the obliged entity of the beneficial owner, but does not specify a means by which such information should be made available.

Third country equivalence || The risk-based approach in the new international standards calls into question the appropriateness of the equivalence regime of the EU - country risk is only one of a number of factors that obliged entities need to take into account. || · EU legislation allows lighter CDD measures to be applied in the case of credit and financial institutions situated in EU/EEA countries, which can be extended to institutions situated in third countries which impose AML requirements considered to be "equivalent" to those laid down in the Directive. · Member States have agreed on a regularly updated list of "equivalent third countries".

Cross-border wire transfers || The new international standards contain additional requirements for tracking transfers of funds, including information about the beneficiary of wire transfers. There are enhanced requirements with respect to verifying information. The new international standards limit possible exemptions from the requirements There are specific obligations on money or value transfer service providers (MVTS), in particular a requirement to file a Suspicious Transaction Report (STR) in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Financial Intelligence Unit || EU legislation requires information only on the payer to accompany electronic fund transfers. EU legislation exempts fund transfers using E-Money and mobile phones below specific thresholds. EU legislation provides a possibility to exempt electronic money and fund transfers using mobile telephones below certain thresholds EU legislation requires filing of an STR to the FIU in whose territory the institution or person forwarding the information is situated.

III.4.2. Problem Driver 2: the existing EU rules are differently applied across Member States leading to reduced legal certainty.

In addition to the issues identified under Problem Driver 1, a number of areas have been identified[41] during the Commission's review process where the current EU rules result in inconsistent implementation. Such deficiencies cause uncertainties for businesses – especially those needing to ensure compliance in a cross-border context – and may impact on the effectiveness of the overall system to combat AML/CFT risks:

· Some concern has been expressed as to the consistency of statistical data relating to the effectiveness of AML/CFT systems[42]. Eurostat has collected a considerable amount of information relating to key indicators from FIUs[43], however there is recognition that significant definitional and systemic differences (e.g. different notions of what constitutes a "report", different processing of reports, different approaches towards prosecution of cases) considerably undermine comparability across countries and complicate effectiveness assessments of AML/CFT systems.  As these differences between are the consequence of the different national approaches followed (e.g. what needs to be filed, when and how), it is impossible to rely on such information to draw any meaningful conclusions about the effectiveness of the system. Information received from Member States is therefore not sufficiently illustrative of the effectiveness of national AML/CFT systems.

· Article 3(6) of the Third AMLD defines “beneficial owner” as the natural person(s) who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted. The Directive stipulates a 25% threshold of ownership or voting rights or, in the case of administered funds, the beneficiary of 25% or more of the property, for the identification of a “beneficial owner”, for AML/CFT purposes. A report by the European Supervisory Authorities[44] has found that the way in which Member States determine how the Beneficial Ownership threshold should be calculated differs[45]. These differences may pose difficulties and increase costs at group level when designing customer identification procedures and assessing customer risk. They may also affect the level playing field for FIs and Designated Non-Financial Businesses and Professionals (DNFBPs) across Member States. Effective implementation has also been hindered by uncertainty amongst private sector stakeholders as to how to understand how far the obligation to “take adequate measures” to identify the beneficial owner needs to go in practice[46].

Box 5:  Different approaches to the calculation of the 25% beneficial ownership threshold in EU Member States

According to the ESA's study, 13 MS broadly followed a “top down” approach with respect to the calculation of the beneficial ownership threshold, which means that in cases of indirect ownership, the percentage/share is determined by reference to the customer only. Some MS require institutions to determine whether a natural person at grandparent level (or beyond) holds 25% plus one share of the customer or more, e.g. a 30% share (grandparent level) of a 60% percent share (parent level) in the customer is considered an indirect 18% share in the customer and is not normally considered an ultimate beneficial owner. Other MS following the “top-down” approach, seeking to determine whether a natural person at grandparent level (or beyond) exercises control or owns at least 25% plus one share of the customer (de jure or de facto).

11 MS take the “bottom up” approach that ownership at any layer has to be counted in full, e.g. a 30% share (grandparent level) of a 60% percent share (parent level) in the customer is considered an indirect 30% share in the customer and thus a person who owns more than 25% of such entity is considered the ultimate beneficial owner.

· Supervision: Article 37 of the Third AMLD obliges Member States to require competent authorities to ensure compliance with the requirements of the Directive by all institutions and persons covered and to ensure that competent authorities have adequate powers – including to compel production of any information relevant to monitoring compliance and perform checks, and have adequate resources to perform their functions. Public stakeholders, especially supervisory authorities, have in particular expressed concerns about the lack of legal certainty in the current legislative texts about their ability to ensure correct compliance with host state AML/CFT obligations in the case of payment service providers, operating on the basis of a single EU passport via branches or agencies. Such uncertainties have the potential to create gaps in compliance and might undermine the effectiveness of the framework[47].

· Article 39(2) of the Third AMLD obliges Member States to impose appropriate administrative measures or sanctions against credit and financial institutions for infringements of national provisions which stem from the Directive. The measures and sanctions must be effective, proportionate and dissuasive. While all Member States have been found to have implemented a national sanctioning regime applicable in cases of non-compliance with the provisions of the Directive, and that such sanctions are applied in practice, the Deloitte study concludes that “the variety in national penalty regimes is so large that it is not possible to compare penalties through all Member States”[48]. Different levels of sanctions can significantly impact the readiness of obliged stakeholders to comply with the Directive and to report suspicious transactions to the authorities, which can in turn impact the effectiveness of AML systems[49].

Table 4 Summary of the main differences across Member States and their Internal Market consequences

Rules differently applied by Member States || Description || Consequences

Consistency of statistical data on suspicious transaction reports || Significant definitional and systemic differences (e.g. different notions of what constitutes a "report", different processing of reports, different approaches towards prosecution of cases) || Reduced comparability of statistical data, difficulties to evaluate and monitor effectiveness.

Beneficial Ownership || Differences on how the beneficial ownership threshold should be calculated || Difficulties and costs for group AML compliance Negative impact on level playing field Uncertainty risks undermining effectiveness of group-wide AML

Supervision || Lack of legal certainty about supervisors' ability on host state obligations for branches and agencies || Gaps in compliance, reduced effectiveness of AML supervision Uncertainties for cross-border business

Administrative measures or sanctions || Differences in administrative measures and sanctions || Different incentives for obliged entities to comply with the AMLD via reporting, as a result, reduced effectiveness

Box 6:   Different levels of compliance with the international standards across EU Member States

The results of evaluations carried out by the FATF and Moneyval reveal some differences in the way that Member States have interpreted provisions in the Directive.  For example, the requirements relating to Simplified Due Diligence in the Directive have generally been found to be overly permissive in evaluation reports.  Within this, the provisions of the Directive have been interpreted differently, with some Member States considering the provisions to be an outright exemption, but others requiring at least some level of customer identification or ongoing monitoring.   

III.4.3. Problem Driver 3: Inadequacies and loopholes with respect to the current EU rules.

Both the Commission's review process, and the revised FATF standards have identified inadequacies in the current framework. Under Problem Driver 3, the focus is on vulnerabilities or inadequacies which extend beyond those addressed by the revision of the international standards, but which appear important to address in an EU context:

· Sports betting and other forms of gambling: The Third AMLD includes “casinos” within its scope, but without providing any definition. The Directive also covers activities “performed on the Internet” (recital 14), thus covering on-line casinos. However as the Directive is based on minimum harmonization, national laws have addressed the broader risks associated with other forms of gambling in very different ways[50]. Private stakeholders have expressed concerns that some of the sectors most vulnerable to AML/CFT risks have not been covered by the legislation. In particular, increasing evidence is coming to light about money laundering risks linked to corruption in sport, and in particular match fixing. The FATF has published a Typology on the Football Sector[51] in which risks in betting activity related to the football sector have been identified.

· Dealers in high value goods:  Dealers in high value goods fall within the scope of the Directive where the amount of the transaction exceeds €15,000 in cash, and are required by the Directive[52] to conduct customer due diligence for occasional transactions equal to or above that amount. Some Member States (see table) have taken a stricter approach towards the requirement for such persons to conduct CDD and either apply identification requirements as of a lower threshold, or else impose an outright ban on payments in cash above certain thresholds. The diversity of thresholds across Member States is at best confusing in an Internal Market context, but there is also a risk that such differences can lead to vulnerabilities in the borderless Schengen environment: the Commission has, for example, received complaints[53] that the proceeds of robberies and thefts committed in one Member State can be anonymously converted into cash in another Member State without any requirement to identify the customer if the amount of the transaction is less than €15,000.

Table 5 Member States with thresholds other than €15,000 for cash transactions, or imposing stricter requirements

BE || The following cash transactions are prohibited[54]: · Cash payment exceeding 5.000 EUR when purchasing one or more goods.

BG || CDD for cash transactions amounting to10.000 BGN or more (approximately 5.113 EUR) and a reporting obligation for any cash payment exceeding 30.000 BGN (approximately 15.339 EUR)[55].

DK || Retailers and auctioneers may not receive cash payments of DKK 100,000 (approximately 13.417 EUR) or more irrespective of whether payment is effected in one instance or as several payments that seem to be mutually connected[56].

FR || The following cash transactions are prohibited[57]: · Transactions over 3.000 EUR when the debtor has his place of residence in France or acting in a professional capacity; · Transactions over 15.000 EUR when the debtor does not have his place of residence in France or acting in a professional capacity and is not acting in a professional capacity.

IT || It is forbidden[58] to transfer cash, in euro or foreign currency between different persons when the value of the transaction, even if subdivided, is 1.000 EUR or more in total.

LV || Merchants dealing with precious metals, precious stones and articles thereof must report when a client pays cash in the amount of 10.000 Lats (approximately 14.100 EUR) and more.

RO || Payment operations between legal entities shall be made only by non-cash payment[59].

SI || Persons selling goods shall not accept cash payments exceeding 15.000 EUR from their customers or third persons when selling individual goods. This includes legal entities and natural persons who organise or conduct auctions, deal in works of art, precious metals or stones or products thereof, and other legal entities and natural persons who accept cash payments for goods.[60]

Source: Study by consultants Deloitte on the Application of the Anti-Money Laundering Directive

· Financial Intelligence Units (FIUs) – the Third AMLD requires each Member State to establish a Financial Intelligence Unit, to serve as a national centre for receiving, analysing and disseminating to the competent authorities suspicious transaction reports and other information regarding potential money laundering or terrorist financing. The manner in which this goal is achieved is not stipulated in the Directive, with the result that the organisational nature of FIUs differs across Member States (they can be administrative, judicial, or police structures). The current framework for FIU Cooperation is based around a Council Decision dating back to 2000 ('the Decision')[61]. Discussions at the FIU platform[62] have revealed a number of shortcomings with the existing arrangements. Practical experience has demonstrated the types of problems that result from different interpretations about the legal basis granted by the Decision to undertake specific types of cooperation, such as the automatic exchange of information when links are found with another Member State. Some of the problems in exchanging information stem from the different powers that FIUs have at national level, including the possibility to access information, with consequences for the effectiveness of cooperation.

· Group compliance/data protection: Both public and private stakeholders have pointed to a number of difficulties as regards their compliance with AML/CFT requirements while ensuring a high level of protection of personal data. Under AML legislation, private stakeholders need to collect and process data (e.g. to monitor transactions and customer relations against sanctions lists, to apply an AML policy at group level, to identify beneficial owners, to maintain records for criminal investigation purposes, etc.). There is a lack of clarity about how these requirements are to be reconciled with rules on data protection, in particular at national level, which is leading to incoherent approaches across Member States. In 2009 a Commission Staff Working Paper[63] found evidence of problems relating to sharing of data across the group, including difficulties to organise identification/verification of clients centrally, difficulties to monitor cross-border activities of customers across the group, and difficulties to share information on suspicious transactions[64]. Clarification is therefore needed in order to enhance effectiveness of AML/CFT prevention, especially for businesses operating across borders, while ensuring a high level of protection of personal data. In 2011, European Data Protection Authorities issued recommendations providing guidance as to the application of data protection rules in the context of AML/CFT[65], some of which could already be helpful in clarifying AML legislation. In addition, the Commission is revising the European framework on data protection and published a set of proposals in January 2012[66]. 

III.5. Baseline scenario – How will the problem evolve without action?

Under the baseline scenario, the preventive system applied by financial institutions and designated non-financial businesses and professionals would remain in place, but would not be adapted in light of changes to the international framework nor in light of the findings of the Commission's own review process. In the short run, these would mean that no additional costs would be incurred by private stakeholders or public authorities. However in the medium to longer term, failure to adapt the rules would mean that:

a) the EU framework would not be in line with international standards (see Table 3), EU Member States would receive negative ratings for compliance by the FATF and their financial markets and institutions would suffer reputational damage. There would be a risk that, in the absence of new EU rules, any remedial actions taken individually by Member States at national level would result in fragmentation of the EU framework, uncoordinated regulatory responses and complications in particular for cross-border AML/CFT compliance by obliged entities;

b) The EU framework would remain predominantly rules-based, and would not take account of new emerging risks and threats. Difficulties for cross-border compliance resulting from different national rules would persist and undermine the Internal Market (see Table 4).  

c) Failure to upgrade the AML/CFT system – and in particular failure to make better use of resources by strengthening the risk-based approach and placing more emphasis on the effectiveness of the framework – would leave the EU vulnerable to evolving threats arising from new business models and technologies. Deficiencies identified with the current rules as a result of the Commission's review process would not be corrected.

The consequences of the above shortcomings would lead to reduced effectiveness of the AML/CFT regime as well as negative reputational impacts[67], which would in turn:

a) Impair the Internal Market:  in particular, the lack of coherence between national rules would make the organisation of EU cross-border business models more complex and burdensome;

b) Negatively impact the stability of financial institutions and markets: the reputational damage to the EU financial markets and financial institutions resulting from negative listings by the FATF would impair the ability of EU financial institutions to operate with other global counterparts – who would require evidence that the specific EU financial institutions had robust AML regimes in place despite poor FATF ratings of the EU framework.

c) Negatively impact the EU economic situation:  reduced interconnectivity of the financial system would harm business interests – especially internationally;

d) Generate societal risks through increased ease of access by criminals and terrorists into the EU financial system: a system which, through lax controls, permits money laundering and terrorist financing is at risk that the proceeds of crimes are fed back into the system in order to fund additional criminal or terrorist activities.

These impacts are illustrated in the following problem tree.

III.6. Problem Tree

Problem Drivers

Consequences

General Problems

III.7. The EU's right to act and justification

The Treaty on the Functioning of the European Union empowers the European Commission to act in the area of the Internal Market. In particular Articles 26 and 114 stipulate that "the Union shall adopt measures with the aim of establishing or ensuring the functioning of the internal market" and "adopt the measures for the approximation of the provisions laid down by law, regulation or administrative action in Member States which have as their object the establishment and functioning of the internal market".

Member States have already recognized this need for action at EU level by adopting legislative measures in this area (see section III.2 and Annex II). Recital 2 of the Third AMLD states: "The soundness, integrity and stability of credit and financial institutions and confidence in the financial system as a whole could be seriously jeopardised by the efforts of criminals and their associates either to disguise the origin of criminal proceeds or to channel lawful or unlawful money for terrorist purposes. In order to avoid Member States' adopting measures to protect their financial systems which could be inconsistent with the functioning of the internal market and with the prescriptions of the rule of law and Community public policy, Community action in this area is necessary."

Furthermore, according to the subsidiarity principle, the EU should act where it can provide better results than could be achieved by a response at Member State level. Recital 46 of the Third AMLD states that "since the objective of this Directive […] cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of the action, be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiarity".

As massive flows of dirty money and terrorist financing can damage the stability and reputation of the financial sector and threaten the internal market, any measures adopted solely at national level could have adverse effects on the EU Single Market: an absence of coordinated rules across Member States aimed at protecting their financial systems could be inconsistent with the functioning of the internal market and result in fragmentation. EU action is also justified in order to maintain a level playing field across the EU – with entities in all Member States subject to a consistent set of AML/CFT obligations[68].

The evaluation of the new international standards will begin in the fourth quarter of 2013. Unless the Commission provides clear and early indications of the desired EU approach to their implementation, there is a risk that those EU Member States who will be evaluated first will opt for solutions which may not coincide with the proposed EU approach, thus rendering agreement of common EU rules more difficult.

EU action should be limited only to what is necessary in order to attain the objectives, and must comply with the principle of proportionality. Several policy options are considered in Chapter V and in Annex III. The proportionality of each option has been analysed with regard to its effectiveness. In all cases, the measures considered do not exceed what is necessary for the effective prevention of money laundering and terrorist financing.

The EU's right to act also needs to be examined in the light of the Charter of Fundamental Rights of the European Union ('the Charter'). The potential impacts of the proposal on Articles 2, 7 and 8 of the Charter (right to life, right of privacy and protection of personal data) are explained in detail in section VII.1 of this report.

Finally, with the adoption of revised international standards, commitments have been taken by the Commission as well as all EU Member States (either directly or via their membership of FATF or Moneyval) to ensure their implementation.

IV. Objectives

The overarching objectives for the revision of the AML framework are identical to those enshrined in the Third AML Directive and the Fund Transfers Regulation: protecting the financial system and the single market from abuse by criminals seeking to launder illicit proceeds, or from terrorists seeking to fund terrorist activities or groups.

The following general objectives, which in part reflect the objectives expressed in the recitals of the Third AMLD, are aimed at addressing the general problems identified in the problem tree:

1 || Strengthen the Internal Market by reducing complexity across borders.

2 || Safeguard the interests of society from criminality and terrorist acts.

3 || Safeguard the economic prosperity of the European Union by ensuring an efficient business environment.

4 || Contribute to financial stability by protecting the soundness, proper functioning and integrity of the financial system.

The specific objectives are linked more directly to the specific nature of the policy intervention:

1 || Ensure that the AML/CFT framework meets high standards in order to safeguard the EU financial system.

2 ||  Improve the effectiveness of AML/CFT regimes and thus  protect the financial system and the single market from money laundering and terrorist financing.

The operational objectives are more specifically aimed at addressing the problem drivers identified in the problem tree:

Table 6 Operational Objectives

Problem Driver 1 || Operational objective

Inconsistency with international standards · Assessment of the international standards have identified inconsistencies with the EU legal framework · The revision of the international standards in February 2012 requires that the EU framework be aligned to the new standards || Ensure that the EU approach is consistent with the approach followed at international level by extending the scope of application, strengthening and clarifying current requirements.

Problem Driver 2 || Operational objective

· Existing rules of the Third AMLD are applied differently by Member States leading to reduced legal certainty || Ensure consistency between national rules and where appropriate flexibility in their implementation by strengthening and clarifying current requirements.

Problem Driver 3 || Operational objective

· There are inadequacies and loopholes associated with the current EU rules. || Ensure that the rules are risk-focused and adjusted to address new emerging threats, by strengthening and clarifying current requirements.

V. Policy Options: Description, Comparison and Impacts

This section presents the policy options and their impacts for each policy area individually. Impacts are measured in terms of effectiveness (i.e. the extent to which they achieve the objective of the proposal), efficiency (notably cost-effectiveness) and coherence with other overarching objectives of EU policy.

V.1. Summary Description, Assessment and Comparison of the Main Policy Options

An important general issue to be addressed is the level of harmonisation to be achieved in order to meet policy objectives. Two approaches have been considered, with the preferred option being the one which would most appropriately fit to all the dimensions analysed in Table 7.

1. Fully harmonise the framework:

A number of stakeholders have called for a full harmonisation approach, which would entail the application of a single set of rules across the EU. Full harmonisation would represent the best way of achieving a consistent approach across the Internal Market, while implementing international standards. However, it would fail to ensure an appropriate degree of flexibility across Member States so that they can address the risks which are specific to their jurisdiction. This option would not therefore fully satisfy Operational Objective 2. Furthermore, by denying an appropriate degree of flexible implementation, a fully harmonised framework may also run counter to the risk-based approach, potentially leading to EU Member States being found non-compliant with the international standards. Although there would be cost advantages for cross-border businesses, there would most likely be significant adjustment costs needed for businesses operating only in domestic markets, who would gain no additional benefits from the single market. Full harmonisation across the board would therefore not be appropriate.     

2. Introduce additional elements of harmonisation in selected areas:

This approach would allow Member States to maintain a necessary degree of flexibility in appropriate circumstances at national level, in recognition that this is the most effective way to address crime prevention and to ensure a tailored approach in certain areas. Targeted harmonisation can ensure that Member States are able to retain flexible approaches in certain areas (e.g. in the cases which call for the implementation of risked-based procedures), thus recognising that certain risks may be different across Member States. The harmonising approach also brings convergence of rules in other areas (e.g. modifying the scope in order to ensure a level playing field and to enhance the Internal Market, converging approaches to identify the beneficial owner, improving comparability of statistical data, etc.).

When adjusting the existing framework, each separate dimension under consideration needs to be assessed in light of how effectively it strikes an appropriate balance between flexibility and convergence. In the event that the balance is too far weighted in favour of a flexible approach, further consideration is needed with respect to mitigating elements, such as putting in place processes to ensure further convergence (e.g. by mandating European supervisors to publish guidance, or by including the possibility for elements of risk assessments to be conducted at EU level). 

Thus framed, targeted measures to promote convergence should achieve a correct balance between promoting consistency while at the same time maintaining an appropriate degree of flexibility. The policy options corresponding to each dimension under Table 7 have been assessed with a view to achieving that correct balance, while – to the extent possible – meeting the operational objectives.

V.2. Main Policy Options Relating to the Operational Objectives

The assessment of policy options in this section represents a summary of the more detailed analysis of policy options contained in Annex III. The views of different stakeholders groups are systematically presented in the same Annex, when comparing the identified policy options. For reasons of simplicity, the policy options have been segregated according to the three different operational objectives. It is however clear that there are overlaps between the problem drivers and objectives and that certain of the changes under consideration could be viewed from various angles (e.g. adapting a risk-based approach in order to adhere to the international standards, while finding the right solutions from an Internal Market perspective). The "no change option" has been assessed in detail under the baseline scenario, and the analysis is not repeated here[69]. In most cases, the status quo would not be a realistic alternative, due to the consequences associated with non-implementation of the international standards.

The assessment of options is made extensively in Annex III to this Impact Assessment. Table 7 presents the results of that analysis in the form of each preferred option, as well as the alternative option that was assessed.

Table 7 Description, assessment and comparison of the main policy options

DIMENSIONS || Policy Options relating to Operational Objective 1 (Ensure that the EU approach is consistent with the approach followed at international level by extending the scope of application, strengthening and clarifying current requirements).

|| Preferred Options || Alternative Options

1. Inclusion of tax crimes in the scope || DESCRIPTION: include an explicit reference to tax crimes as a predicate offence. It would not provide a precise definition, but use the existing threshold approach applied in the case of serious crimes. || DESCRIPTION:  include tax crimes as a specific predicate offence, and design detailed rules for the circumstances in which the offence is committed. 

ASSESSMENT: This option would achieve, in terms of effectiveness, efficiency and coherence, the objective set. It would bring about a degree of consistency across Member States, although some differences across jurisdictions would still remain. It would comply with the international standards and send a clear signal with respect to tax crimes. || ASSESSMENT: This would be the optimal option to achieve Internal Market goals. In terms of effectiveness it would ensure coherence across the EU, while sending a clear signal with respect to tax crimes. It would facilitate a more efficient environment for cross-border businesses and would be in line with international standards. It would however entail substantial delays due to political difficulties in agreeing a common list of types of tax evasion. This would result in delaying the agreement on the whole AML/CFT package and for these reasons it should not be retained. 

COMPARISON: Effectiveness Efficiency Coherence || +++ 0 + || +++ 0 0

2. National Risk Assessments || DESCRIPTION: introduce a requirement for Member States to carry out a risk assessment at national level and take measures to mitigate risks. An option would also be introduced for supranational risk assessments to be undertaken in areas to be determined. || DESCRIPTION: treat the EU as a single jurisdiction and require a risk assessment to be carried out at EU level, prescribing actions to mitigate risks at EU level.

ASSESSMENT: This option would meet the objective of strengthening the requirement to carry out national risk assessments. The approach would be fully in line with international standards, while recognising the specific supranational character of the European Union. It would give flexibility for Member States to recognise national differences. || ASSESSMENT: This option would result in greater convergence between Member States' approaches. It would bring about more legal certainty for obliged entities operating across borders. However a supranational risk assessment may be very costly and resource intensive. In terms of efficiency and coherence, such prescriptive rules may lead to less flexibility and adaptability, impairing effectiveness of AML regimes.

COMPARISON:                    Effectiveness Efficiency Coherence || ++ + 0 || 0 - - 0

3a.   Customer Due Diligence || DESCRIPTION: Member States to ensure that EDD must be conducted in certain situations of high risk, while allowing them to permit SDD in lower risk situations. Determination of the level of risk would be based on examples of the factors to be considered (such as geography, customer type, delivery channel, etc.). Guidance on its application would be provided by EU bodies (e.g. ESAs and other appropriate EU bodies/agencies/committees). || DESCRIPTION: introduce prescriptive provisions into the Directive setting the conditions for applying EDD and SDD.

ASSESSMENT: This option would facilitate a targeted approach to risk, resulting in better mitigation. Publication of guidance would ensure coherence of approach across EU Member States. It would be in line with the revised FATF standards. There could be short-term costs to implement systems, and differences of interpretation would still remain. However, the benefits appear to outweigh the disadvantages. || ASSESSMENT: This option would ensure a consistent approach and a level of certainty. The current rules already include – to a certain extent – prescriptive rules for the application of EDD and SDD, in some cases left to Member State discretion. However this option would not be sufficiently flexible to deal with the changing nature of ML/TF risks.  Moreover, it would require a resource-intensive EU-wide risk assessment in order to determine appropriate prescriptive provisions and would not allow Member States any flexibility to respond to specific risks that they might be facing.

COMPARISON: Effectiveness Efficiency Coherence || + + 0 || 0 - - 0

3b.   Equivalence of third country regimes || DESCRIPTION: Remove the "white list" process. Countries deemed to have AML systems not equivalent to those in the EU are treated as a factor/example to be taken into account by obliged entities when considering geographical risk. || DESCRIPTION: completely remove the "equivalence" process, leaving Member States and obliged entities to make their own decisions about risks associated with third country regimes. 

ASSESSMENT: This option would ensure consistency of treatment of third countries across the EU, while recognising that some third countries do not meet high EU standards. It would allow the use of a risk-sensitive approach. However, different applications across EU Member States may remain. || ASSESSMENT: This option would arguably be the most risk-sensitive approach; it would avoid the concentration on one risk factor (i.e. geography). In contrast, in terms of coherence it would result in the least convergence of approaches across EU Member States.

COMPARISON: Effectiveness Efficiency Coherence || ++ 0 0 || 0 0 -

4. Risk-Sensitive Approach to supervision || DESCRIPTION: specific recognition in the Directive that supervision can be carried out on a risk-sensitive basis, with a role given to ESAs to develop more detailed measures. || DESCRIPTION: allow full discretion for supervisors to apply a risk-sensitive approach to supervision, without any additional measures at EU level.

ASSESSMENT: This option would allow supervisors to adopt approaches which are more targeted towards risk. The concept would be appropriate in developed sectors (such as banking, securities and insurance supervision), and less so in certain DNFBP sectors where a sectorial approach at EU level might not be viable at present. || ASSESSMENT: This option would maximise flexibility for all supervisors, but would potentially lead to a lack of convergence as each sector in each Member State would be supervised according to different risks and principles.

COMPARISON: Effectiveness Efficiency Coherence || + + + 0 || + 0 0

5. Treatment of Politically Exposed Persons || DESCRIPTION: introduce new requirements for domestic PEPs/PEPs working in international organisations, with risk-sensitive measures to be taken. As not all such PEPs are automatically higher risk, a risk sensitive element would be introduced to allow obliged entities to assess the risks that they pose and to apply appropriate mitigating measures. || DESCRIPTION: require EDD for all types of PEPs (not just foreign PEPs).

ASSESSMENT: This option would continue to address highest risks (foreign PEPs) and allow a graduated approach to other PEPs. However, the differential approach might cause some confusion for obliged entities, who would need to apply different standards to different categories of PEP. The approach is consistent with the international standard.  || ASSESSMENT: By requiring a certain level of enhanced due diligence to be conducted for each category of PEP this option would give greater clarity and more consistency to the provisions, while placing the EU ahead of the international standard. It would however come with a high cost for industry, without a corresponding benefit.

COMPARISON: Effectiveness Efficiency Coherence || + + 0 + || + 0 -

6. Availability of beneficial owner (BO)information || DESCRIPTION: require all companies to hold information on their BO. This would need to be made available to competent public authorities and entities/ persons covered by the Directive. || DESCRIPTION:  require Member States to set up public registries on shareholders, beneficial owners and nominees.

ASSESSMENT: This option would allow greater transparency of information on the ultimate beneficial owner of companies. It would ensure coherence with Commission's policy and the international standards.  Nonetheless, some cost would be necessary for recording and maintaining this information, and making it available upon request. It would meet the demands of the European Parliament and civil society, and assist entities and persons covered by the Directive in carrying out CDD. || ASSESSMENT: If properly implemented, this option would increase the level of transparency and would meet the demand from civil society and European Parliament. It would assist obliged entities. However, it would be a challenge to maintain up-to-date information and it would entail substantial costs for Member States.

COMPARISON: Effectiveness Efficiency Coherence || + + ++ || + 0 0

7. Electronic fund transfers || DESCRIPTION: amend the Fund Transfers Regulation to reflect the new international standard by introducing a requirement to include information on the beneficiary to accompany the fund transfer, as well as limit exemptions from scope. || DESCRIPTION: require beneficiary and payer information to accompany the payment as per the international standard, and require identity verification as of €0 (as opposed to the existing threshold of €1,000).

ASSESSMENT: Ensuring that beneficiary information is included in all electronic fund transfers would provide an effective tool for law enforcement and ensure full traceability of all transfers. However, it would imply (limited) additional costs for business to adapt the payment systems. || ASSESSMENT: This option would be the most effective way of ensuring full traceability of electronic fund transfers, while exceeding international standards. In contrast, in terms of efficiency, it would entail significant additional costs for non-account based payment service providers.

COMPARISON: Effectiveness Efficiency Coherence || + - + || - - +

|| Policy Options relating to Operational Objective 2 (Ensure consistency between national rules and where appropriate flexibility in their implementation by strengthening and clarifying current requirements).

|| Preferred Options || Alternative Options

8. Comparability of statistical data || DESCRIPTION:  reinforce and make more precise the requirement under Art. 33 with respect to collecting and reporting statistical data in order to ensure more comprehensive and comparable statistics. || DESCRIPTION: provide further guidance on how reporting by Member States should be carried out with a view to achieving more coherence between data sets.

ASSESSMENT: This approach would enhance comparability of important effectiveness indicators across the EU. It would be consistent with the international standards and in general with our objective. However, comparability across Member States would possibly remain impaired as a result of underlying differences with respect to AML approaches. || ASSESSMENT: This option improves the ability to measure effectiveness of the EU framework. It would be in line with the international standards. However, comparability across the Member States would remain difficult. Thus it would not be the best means to achieve the pursued objective.

COMPARISON: Effectiveness Efficiency Coherence || + - + || + - 0

9. Identification of  Beneficial Owner. || DESCRIPTION: maintain the approach which requires identification of the BO as of a 25% ownership threshold, but clarify what the "25% threshold" refers to, particularly in relation to holding companies, as well as question of indirect ownership. || DESCRIPTION: remove the existing 25% threshold and replace it with a stricter requirement to always find the natural person who owns/controls the company.

ASSESSMENT: This option would meet the objective of clarification. It would offer flexibility for guidance by ESAs. Nonetheless, the concentration on the threshold may not always find the ultimate beneficial owner. || ASSESSMENT: This option would target the potential risk (i.e. person who controls the company), with a potential positive outcome in terms of effectiveness. However, it would lead to greater expense for obliged entities and to a lack of clarity, unless detailed guidance is prepared. Moreover, the lack of appropriate guidance as to what was expected could lead to a lack of convergence across Member States (as to the interpretation of the person who "controls" a company).

COMPARISON: Effectiveness Efficiency Coherence || + ++ + || + 0 -

10. Home and host supervisory responsibilities for AML || DESCRIPTION: introduce new rules clarifying that branches and subsidiaries situated in other Member States than the head office apply host state AML rules and reinforce cooperation arrangements between home and host supervisors. || DESCRIPTION: baseline scenario -   no change to the current framework, as the Commission has already published a staff working document which clarifies the articulation between the Payment Services Directive and the Third AMLD.

ASSESSMENT: It would establish a clear legal footing for supervisors. It would in addition increase clarity for businesses and coherence across the EU. On the other hand it could reduce flexibility for Member States. || ASSESSMENT: According to some stakeholders and public authorities the staff working document does not provide sufficient legal certainty for the notion of home host responsibilities. It would therefore not achieve the objective, as it would not provide supervisors and obliged entities with legal certainty.

COMPARISON: Effectiveness Efficiency Coherence || +++ 0 0 || 0 0 0

11.  Sanctions regimes || DESCRIPTION: introduce a set of minimum principles-based rules to strengthen administrative sanctions, along the lines of the Commission's policy as outlined in its Communication "Reinforcing sanctioning regimes in the financial services sector". || DESCRIPTION: introduce a set of common prescriptive rules (e.g. setting the level of sanctions according to different offences).

ASSESSMENT: It would enhance compliance by obliged entities and comparability between Member States. It would allow for a more consistent approach across Member States thereby ensuring a greater level playing field and facilitating the business environment. || ASSESSMENT: It would fulfil to a certain extent the objective as it would create a more level playing field, while enhancing coherence across Member States. The Commission's policy outlined in its Communication "Reinforcing sanctioning regimes in the financial services sector" already partly advocates such an approach. However, in the field of AML, moving beyond the principles based approach would not allow for flexibility for Member States and it could prove to be difficult in practice to agree on a more detailed and prescriptive approach.

COMPARISON: Effectiveness Efficiency Coherence || ++ + + || - - + +

|| Policy Options relating to Operational Objective 3 (Ensure that the rules are risk-focused and adjusted to address new emerging threats, by strengthening and clarifying current requirements).

|| Preferred Options || Alternative Options

12. Broadening scope to cover gambling || DESCRIPTION: broaden the scope of the Directive beyond "casinos" to cover the gambling sector, based on a broad definition of gambling. The scope for exemptions from coverage would be limited only to circumstances where there is a very low risk of ML/TF. || DESCRIPTION: adapt the scope to cover gambling activities where there is a proven higher risk.

ASSESSMENT: This option would achieve our objective in terms of effectiveness, efficiency and coherence. It would enhance effectiveness of the fight against ML/TF and it would be simpler to apply. It would level the playing field within the gambling sector, given the fact that some Member States already apply AML rules across the gambling sector. In contrast, it would entail additional costs to sectors not currently covered by the framework and additional costs to supervise. || ASSESSMENT: This option would enhance the effectiveness of the fight against ML/TF, it would level the playing field with non-obliged gambling sector. At the same time, in terms of efficiency, it would not impose any costs on the gambling businesses which remained outside the scope of the Directive. However, it would be more complex to apply due to the need for identification of higher risk activities and it would entail additional costs to supervise.

COMPARISON: Effectiveness Efficiency Coherence || ++++ 0 + || + - - -

13. Data protection || DESCRIPTION: introduce new rules in the Directive to clarify the interaction between AML/CFT and data protection requirements, in particular relating to data sharing within groups. || DESCRIPTION: require Member States to clarify interaction between AML/CFT and data protection rules at national level.

ASSESSMENT: This option would enhance coherence across Member States, would help reduce legal uncertainties businesses are confronted with and would bring about cost savings for groups. It would be in line with the new international standards. || ASSESSMENT: It would help reduce legal uncertainties with which businesses are confronted and therefore enhance their compliance with AML rules. It would moreover ensure compliance with a high level of data protection. Nonetheless, it would not remove incoherence across Member States as a result of differing national interpretations.

COMPARISON: Effectiveness Efficiency Coherence || +++ 0 +++ || ++ + -

14. Thresholds for traders in high value goods || DESCRIPTION: reduction of the scope and CDD thresholds for traders in high value goods from €15,000 to €7,500[70] for cash transactions. CDD measures would need to be applied for cash transactions of €7,500 and above. || DESCRIPTION: reduction of the scope and CDD thresholds to zero for specified obliged entities (e.g. dealers in precious metals and stones, second hand car dealers, etc.).

ASSESSMENT: It would address risk of use of cash, while bringing the threshold more in line with the common practice in Member States. It would bring more obliged entities into the scope, with potential cost implications. || ASSESSMENT: On the one hand it would ensure firm controls on the use of cash, while a single threshold would promote certainty. Some Member States already apply lower thresholds or indeed even forbid use of cash for certain transactions above certain thresholds (see Table 5). On the other hand, such an approach could drive the use of cash underground, and impact on financial inclusion

COMPARISON: Effectiveness Efficiency Coherence || +++ 0 +++ || + - +

15. Cross-border cooperation between FIUs || DESCRIPTION: introduce new provisions into the Directive regarding FIU powers and cooperation, including an explicit legal basis for the matching of anonymous data between the EU FIUs and clarifying the circumstances under which exchange of information can take place . || DESCRIPTION: establish a single European FIU to receive and analyse and disseminate to the competent authorities disclosures of information from obliged entities operating within the EU.

ASSESSMENT: Introducing new requirements would strengthen FIU powers and cooperation. It would enhance effectiveness of the fight against ML/FT, as well as give legal clarity. However, some difficulties to exchange information may still remain. || ASSESSMENT: This option would enhance effectiveness of the fight against ML/TF; it would also bring about potential advantages in terms of economies of scale and efficiency. However, it would require substantial modifications to Member States' laws permitting cross-border cooperation and information sharing. In addition it could have a negative impact on the agreement of the Member States on the whole package.

COMPARISON: Effectiveness Efficiency Coherence || +++ 0 + || + 0 0

VI. Analysis and quantification of Impacts VI.1. Compliance costs of the existing framework

While the Third AMLD was not accompanied by an Impact Assessment at the time of the proposal, the cost implications of the current framework have nevertheless been evaluated on an ex post basis. In 2009 an external study[71] by consultants Europe Economics on behalf of the Commission assessed the costs of compliance with a number of Financial Services Action Plan measures (FSAP)[72], including the Third AMLD. The study concentrated on firms from four sectors within the financial services industry in the EU: banks and financial conglomerates, asset managers, investment banks and financial markets.

The study's findings indicated that the cost of compliance with AML requirements was not insignificant and had increased in recent years following the regulatory changes introduced in the EU, notably through the Third AMLD[73]. The focus was on the so-called ‘incremental compliance costs’ caused by the FSAP measures, rather than on the total costs of activities that contribute to regulatory compliance.

The study identified separately cost impacts that were of a one-off nature (i.e. those costs that only have to be incurred once in making the transition, such as IT investment and the re-shaping of business processes) from those that were recurring in nature (on-going costs as a result of regulation). The one-off costs of compliance with the AML Directive for banks, financial conglomerates and investment banks roughly accounted for 10% of all their financial services regulatory costs, while for on-going costs of compliance, the percentage increased to around 13% of all their financial services' regulatory costs.

The main source of AML-related compliance spending was on IT. In terms of one-off costs, this included projects designed to: (i) meet the “Know Your Customer” requirements; (ii) facilitate increased monitoring of suspicious transactions through increased automation of processes; (iii) facilitate PEPs screening; and (iv) assist in risk assessment. In terms of on-going costs, the majority of IT expenditure was linked to access costs to various databases dedicated to the tracking and screening of relevant parties such as PEPs, watch lists etc. While some firms (generally larger banks) viewed automation as the only way to provide the necessary evidence of an audit trail to the regulatory authorities in the event of problems arising (as well as being cost effective by comparison to manual effort), a number of firms had opted to retain significant (or total) human oversight in this area. Training and (for larger banks) recourse to external consultants were also important sources of costs.

VI.2. Measuring Administrative Burden under the existing framework

The study carried out by Europe Economics on the costs of compliance of the Third AMLD contained elements relevant to the measurement of administrative burden in the case of different types of financial institution. The calculations closely reflect those measured under the Standard Cost Model (which breaks down regulation into a range of manageable components that can be measured; information obligations[74], data requirements[75] and administrative activities[76]). The costs measured in the study in large part relate to similar measurable elements (implementation of IT systems, reporting (both internal and external), hiring additional staff, as well as costs relating to understanding legal requirements). To the extent possible, these costs have been calculated to exclude business as usual costs related to information needs which would be necessary without the imposition of AML rules. In the table below, which specifically relates to administrative burdens borne by banks and financial conglomerates, the costs are broken down according to one-off and ongoing costs, and are presented as a percentage of the total compliance costs associated with the Third AMLD.   The types and level of costs will differ across business models, however this information is also illustrative of the types of costs facing those entities that will be newly obliged under the enlarged scope of the new proposal.

Table 8 Breakdown of costs associated with administrative burden (banks and financial conglomerates)  

One-off costs

Familiarisation with the Directive || 3 %

Consultancy fees || 11 %

Legal Advice || 1 %

Training || 22 %

Staff recruitment costs || 2 %

Investment in/updating IT || 54 %

Project Management || 7 %

Other || 0 %

Mean incremental cost per bank of measures related to implementation of the Third AMLD || € 4,588,000

Ongoing Costs ||

Additional staff || 37 % ||

Internal Reporting || 4 % ||

IT || 31 % ||

External Reporting || 5 % ||

Training || 13 % ||

Audit || 10 % ||

Other || 0 % ||

Mean value of ongoing compliance cost per bank related to the requirements in the Third AMLD || € 1,195,000 ||

Further analysis is provided in Annex IV.

VI.3.  Compliance Costs resulting from the changes to the framework

Measuring the compliance costs resulting from the changes to the framework is particularly challenging for a number of reasons:

· In practice, there is no reliable methodology which would allow clear separation of additional costs from business as usual costs (e.g. costs associated with correct customer identification, IT costs relating to the general administration of the system, distinction from periodical IT system upgrades, etc.);

· Precise information from stakeholders has been difficult to obtain, and information from reliable independent sources is very scarce;

· Possibilities to extrapolate across sectors using existing data are limited, as the types of entity, and the cost structures, are so diverse.

Nevertheless, this section has pulled together available information which, although only partial, is intended to illustrate the key cost elements associated with the introduction of a new framework.

The changes to the existing framework will have a number of impacts for obliged entities, such as those identified in the Europe Economics study (the need for new IT investments, staff training, a potential increase in the number of consultations of external data bases - e.g. as a consequence of the broadened requirement to consider also domestic politically exposed persons), an increase in the number of suspicious transaction reports to be filed (e.g. as a result of the obligation to file suspicious transaction reports in any country affected by a suspicious wire transfer). Where the scope is broadened to encompass entities that were hitherto outside the scope of the framework (e.g. in the gambling sector, in those Member States that have not already extended the scope of their AML legislation beyond casinos[77]), there will also be one-off costs linked to investment in new systems. Such one-off costs are expected to be lower in the case of obliged entities who are already applying the AML/CFT rules.

This section is aimed at analysing the administrative costs that could be imposed by introducing a new legal framework; the costs that obliged entities may incur can be classified in different categories: (i) one-off costs (i.e. those costs that only have to be incurred once in making the transition, such as IT investment and the re-shaping of business processes) and; (ii) ongoing compliance costs (i.e. IT expenditure linked – in particular to access costs to various databases dedicated to the tracking and screening of relevant parties such as Politically Exposed Persons, watch lists etc., and additional staff).

The below table summarises the most significant impacts of the proposed revisions to the AML framework and their cost implications, where relevant for existing obliged entities, newly obliged entities, supervisory authorities, national administrations, FIUs as well as, in the case of beneficial ownership information, the costs for all legal entities.

Table 9 Cost/impact implications for various new measures (preferred options)[78]

|| || One off costs || Ongoing costs

Greater integration of a risk-based approach (relevant to dimensions 2, 3a, 3b and 4 in Table 7) || Obliged entities || - Potential high impact: adaptation of existing systems will entail IT and staff training costs, as well as staff costs associated with identification, assessment and mitigation of the entity's own ML /TF risks[79]. For example, in the case of law firms, the cost of putting in place new risk assessment procedures has been estimated by the UK Law Society to average £1,200 per larger firm, and £300 per smaller firm[80]. Across the sector in the UK, the total cost is estimated at around £2.5 million. || - Medium impact: continual training and updating of risk assessments.

Supervisors || - Potential high impact: will need to review ML/TF risk profiles and risk assessments prepared by the supervised entities. There will also need to be coordination at EU level and identification of supranational risk elements. || - Potential high impact: They will need to apply a risk-based approach to supervision, based on their understanding of the ML/FT risks present in the country and within the entities they supervise. In the financial sector, until now the supervisory approach (in particular the number of on-site inspections) varies significantly across EU Member States[81]

National administrations || - Potential high impact: A comprehensive national risk assessment needs to be undertaken – an authority needs to be designated to coordinate actions to assess risks and apply resources aimed at mitigating risks. || - Potential high impact: The risk assessment needs to be kept up-to-date. Work will be needed to coordinate risk assessments at EU level

Broaden the existing scope (relevant to dimensions 1, 12 and 14 in Table 7). || Existing obliged entities || - Low impact: given that some systems are already in place, although new elements (e.g. risk assessments) will still need to be carried out. || - Low impact: inclusion of tax crimes as a predicate offence may entail broader monitoring for suspicions of the predicate offence than is currently the case, although this is not expected to impact significantly.

Newly obliged entities || - Potential high impact: e.g. in the gambling sector, newly obliged entities will need to make investments in new systems, staff training, etc. Although the business models differ significantly and cross-sector extrapolation should not be  done lightly, experience in the financial sector indicates that one off costs associated with adapting to AML/CFT requirements can account for between 0.16 - 0.29 % of total operating expenses. Only 9 Member States have restricted their frameworks to casinos only (see Annex IX) – in the other cases, parts or all of the gambling sector are already covered, hence the impact in those countries will be less significant. Some impact for traders in goods as a result of reduction of threshold to €7,500 for cash transactions, although it is most probable that rather than incur AML compliance costs, most traders would insist on non-cash means of payment above the threshold. . || - Potential high impact: IT expenditure, additional staff recruitment costs, costs linked to access to databases (PEPs, etc.). Experience in the financial sector indicates that on-going compliance costs amounted to 0.05%-0.13% of operating expenses.   In the gambling sector, significant business as usual costs (e.g. efforts to counter the risks of fraud and cheating, monitoring the activities of players in order to safeguard the gaming activities), already occur, meaning that the incremental ongoing costs of administering additional AML checks may not be that great. The variety of business models in the gambling sector make estimating average costs challenging. By way of example, information provided by the industry[82] on the costs of AML compliance in the case of two casinos in the EU under the existing framework illustrates the significant differences according to the size of the business. In the first example, the total costs of compliance annually amounted to €118,050. In the second example of a larger casino, annual compliance costs amounted to €1,038,400. As AML requirements entail seeking knowledge and understanding of customers, there are likely synergies between existing practices and the new requirements. For traders in goods and services operating above the €7,500 threshold for cash transactions[83], the number of customers who need to be verified for AML purposes is likely to be very low in reality. 6 EU Member States already apply thresholds below €15,000.

Supervisors || - Medium impact: Supervision of entities not hitherto covered will entail additional costs for supervisors and may require more staff as well as systems adjustments – this mainly affects the gambling regulators. || - Medium impact: More staff will be needed for supervision of newly obliged entities (mainly in the gambling sector).

Financial Intelligence Units || - Low impact: Systems adjustments may/may not be needed to handle investigations into tax crimes (in some Member States, tax crimes are already covered) and the broader scope of gambling activities. || - Low impact: Reception and analysis of additional STRs. Outreach and feedback to newly obliged entities.

Expand definition of PEPs (relevant to dimension 5 in Table 7) || Obliged entities || - Low impact: Initial identification of domestic PEPs and PEPs working in international organisations will be necessary || - Potential high impact: Additional costs will be needed in order to check PEPs databases, and to periodically review existing domestic PEPs. Increase in administrative costs due to more false positives. By way of example, a query to a private database in the UK costs between £0.15 - £1.00, depending on the profile of the customer. However in the case of e.g. the gambling sector, consultations of such databases are not solely required with respect to AML compliance, but also may be required for other purposes (e.g. need to check eligibility, age, etc..)

Supervisors || - Low impact: Guidance to obliged entities on how the new rules on PEPs need to be interpreted. || - Low impact: Possible additional supervision of risk decisions taken for new categories of PEPs.

Financial Intelligence Units || || - Low impact: Reception and analysis of additional STRs as more classes of PEPs are monitored may have resources implications.

Enhance availability of beneficial ownership information (relevant to dimension 6 in Table 7) || Obliged entities || - Low impact – no implications for major systems changes. || + Potential high positive impact: Greater assistance in identifying the BO should lead to reduced costs. Information provided by the European Federation of Accountants  (FEE) indicates that under the existing framework, CDD checks take on average 0.5-1 hour for "normal" clients, but up to one day, or even two days, in the case of more complex corporate/trust clients. Similar estimates might be applied in the case of the legal profession. Improvements in transparency resulting from an obligation on firms to have information on their beneficial ownership already available would be expected to considerably reduce the time required for CDD checks.

National administrations  || - Low/medium impact: Depending on which option is chosen by a Member State, possible cost of setting up a national register.  || - Low/medium impact: Possible cost of maintaining a national register.

Firms || - Potential high impact: New requirement on firms to hold and make available information on their beneficial owner(s). For individual firms, this requirement would not be expected to entail significant burdens. However given the total number of firms to which this would apply, there could be significant cumulative impacts.  || - Potential high impact: Need to keep information on BO updated. Firms are better placed to understand their ownership structure than obliged  entities – for many (especially smaller) firms this is not expected to amount to substantial additional costs. Costs are likely to be higher in case of firms with more complex and fluid ownership structures.

Enhanced information requirements for electronic transfers (relevant to dimension 7 in Table 7) || Obliged entities || - Low impact: Inclusion of beneficiary information is not expected to result in significant additional costs as it is already included in most fund transfers. Concerns have been expressed about potential initial difficulties in the case of PSPs, who operate globally and also in developing countries. In case of slower adaptation in developing countries, it may be necessary to suspend business relationships with PSPs in those countries, leading to potential serious costs[84]. || - Low impact: Increased costs to be expected due to incomplete information about the beneficiary (payment will be either rejected or more information from the payee's institution requested). However evidence supplied by external consultants responsible for reviewing the FTR suggests that rejection of transfers does not seem to be common practice of PSPs, as issues around missing information tend to be resolved in a different way (e.g. requests for complete information, dialogue with counterparts, etc.).

Financial Intelligence Units || - Low impact in terms of costs. Law enforcement authorities and FIUs should have a more effective tool to trace terrorist/criminal fund transfers. || - Low impact: Possible increase in the number of STRs filed.

Clarify home/host supervisory respons-ibilities (relevant to dimension 10 in Table 7) || Obliged entities || - Medium impact: requirements to comply with host state AML rules may entail the need for a local compliance structure/facility. || - Medium impact: requirement to file STRs locally will have cost implications (these will vary according to the type of business model)  although clarification of supervisory arrangements should facilitate business (greater legal certainty).

Home Supervisors || - Low impact: Need to provide information on obliged entities to host state supervisors. Need to establish appropriate cooperation arrangements with host supervisors. || + Low impact: emphasis on cooperation between home and host supervisors means that some of the tasks normally carried out by the home supervisor may need to be carried out by the host supervisor.

Host Supervisors || + Medium impact: Will need to put in place arrangements to ensure compliance with local AML/CFT. However such structures should facilitate the job of supervision. They will also need to work closely with home supervisors to establish appropriate cooperation arrangements. || + Medium impact: Supervisors should have the possibility to rationalise AML/CFT compliance supervision through proportionate measures, e.g. local AML compliance structures.

Strengthen and converge national penalty regimes (relevant to dimension 11 in Table 7) || Obliged entities || || - Potential high impact: Tougher penalty regimes may have cost implications as they are intended to ensure increased attention to full compliance with AML rules.

Supervisors || - Medium impact: Possible legislative changes needed to increase sanctioning powers || + Potential high impact: The ability to sanction firms more heavily for non-compliance should encourage supervisors to exercise increased vigilance to ensure full compliance with AML rules.

Clarify the application of data protection rules (relevant to dimension 13 in Table 7) || Obliged entities || - Medium impact: Systems changes and training costs in order to ensure compliance with data protection rules || + Potential high impact: lower costs resulting from greater legal certainty and more efficient rationalisation of data gathering and dissemination within the group.

Supervisors || - Medium impact: Familiarisation with new measures will have staff training implications ||

Financial Intelligence Units || - Low impact: || + High impact: Clarification of the rules on exchange of data would increase legal certainty about the conditions under which information on STRs can be shared.

Strengthen the capacity of FIUs to cooperate across borders (relevant to dimension 15 in Table 7) || Financial Intelligence Units || - Medium impact: Some systems changes may be necessary to enhance the cooperation capacity of FIUs (e.g. access to national databases) || - Medium impact: New powers (e.g. to postpone financial transactions) might imply an increased role for FIUs – implying additional resources. Enhanced cooperation will mean additional resources in order to respond to requests from other FIUs.

VI.4. Impacts of the Framework on Stakeholders

The following table assesses the impacts on the various stakeholders of the proposed changes to the AML/CFT framework, including those not included within its scope, but affected in different ways all the same.

Table 10 Main stakeholders affected by the proposed changes to the AML/CFT framework

Who is affected? || How?

1. Obliged entities || · Credit and Financial institutions || Credit and financial institutions have had the most experience in applying AML/CFT rules, and the changes under proposal should not significantly impact their business models. It will be challenging to apply a more risk-based approach, although this element of the new standards has been generally welcomed by the industry. Clarification of data protection rules should facilitate AML/CFT compliance, as should measures to make beneficial ownership more accessible. The requirement under the Fund Transfers Regulation to include beneficiary information is not expected to generate substantial additional impacts, as in most cases fund transfers already incorporate such information. Widening the definition of PEPs will have some impact on these institutions, who will need to assess the risks and apply appropriate measures to additional categories of customers.

· Auditors · External accountants · Tax advisors · Notaries · Independent legal professionals (involved in transactions) || The general scope of application of the Directive will not change with respect to business professionals. On the one hand, application of the risk-based approach could lead to more effective allocation of resources within companies, and the ability to focus on the riskier elements of business might carry advantages for professionals and SMEs working with lower risk clients (the converse is also true – higher risk clients will require more thorough checking and procedures). New rules on PEPs may also require more frequent consultation of external databases.

· Trust or company service providers (TCSPs) || Depending upon the option chosen by Member States for complying with beneficial ownership obligations, TCSPs could be required to hold and maintain information on the beneficial ownership of corporate entities. The implications of this will vary according to the option(s) chosen by Member States.

· Real estate agents || The only change potentially affecting parts of the real estate sector specifically will be an extension of the possibility to allow self-regulatory bodies to monitor and ensure compliance with the AML/CFT rules (Art. 37.4 3AMLD). Otherwise, real estate agents will be impacted in similar ways to other obliged business professionals, as described above.

· Casinos/gambling || Those businesses in the gambling sector which already apply the AML/CFT provisions will be affected in similar ways to those described above. There will also be a levelling of the playing field with other businesses active in the gambling sector which until now have not been covered by the AML/CFT framework. For those businesses, there will be important adjustments, and investments needed in the form of IT systems and training, as well as new ongoing compliance costs.

· Other natural/legal persons trading in goods when cash payments <€15,000 || A particular impact will be the reduction of the €15,000 scope threshold to €7,500, which may make an additional number of entities subject to the requirements of the Directive, but will most likely rather encourage traders (e.g. precious metal dealers, second hand car dealers, auction houses) to accept non-cash payments..

2. Public authorities || · Regulators · Supervisors || The strengthening of the risk-based approach will require national risk assessments to be compiled. Guidance will need to be provided to obliged entities on how to apply the rules, and supervisors will also need to develop risk-sensitive supervision – which should allow them to more effectively target their resources to areas of greater risk. There will also be a role for the AMLC at European level to contribute to supranational elements of risk and threat assessments for obliged entities in their sectors.

· Financial Intelligence Units · Law enforcement || The strengthening of cooperation arrangements, which is not expected to impose significant additional costs, as well as the clarification of data protection rules, should benefit the work of FIUs from an effectiveness perspective. Law enforcement should benefit from the overall strengthening of the AML/CFT framework, which should result in greater detectability of criminality (improved detectability of electronic fund transfers, PEPs, BOs,..). At EU level, both the FIU platform as well as Europol will be expected to contribute to supranational risk and threat assessments.

· National registries || Depending on which option Member States choose for making beneficial ownership information available, the setting up and maintaining of public registries is something that might impose additional costs.

3. Customers || Customers of the obliged entities (banks, financial institutions, auditors, etc.) || No major impacts are expected for customers of obliged entities (fundamental rights issues are separately assessed under section VII.1) resulting from changes to the existing framework. However the extent to which AML rules in general may/may not contribute to financial exclusion (e.g. due to refusal by some banks to open accounts for customers on the grounds of money laundering concerns) remains an important issue. An analysis of the Third AMLD by Commission services has concluded that the Directive in itself does not create any barriers to opening accounts. In particular, the current AML provisions do not require a person who wishes to open a bank account to produce an ID card or passport. It can therefore be concluded that it is rather financial institution's own internal processes or bank staffs' perhaps overly cautious application of anti-money laundering rules which may be creating these “false barriers”. The introduction of a risk-based approach and its application to customer due diligence procedures may in fact have a positive impact, potentially limiting any refusals to open accounts to genuine cases of ML/TF risk. This issue is more broadly addressed in another initiative currently under consideration by the Commission on payment accounts.    In the case of the gambling sector, customers of establishments newly covered by the AML/CFT rules will be required to provide proof of identity above a threshold of €2,000.

4. Business || Business community in general || Depending on which option Member States choose for making beneficial ownership information available, the potential requirement on companies to hold information on their shareholders and their beneficial owners will have impacts on the business community. The burden will be partly shifted from the obliged entities to the corporate customers of the obliged entities, who are better placed to provide information about their ownership. No other major impacts from the changed rules are to be expected, either on larger businesses or for SMEs.

5. Perpetrators || Criminals, including terrorists and corrupt PEPs || Criminals, terrorists and corrupt PEPs should find it harder to launder or transfer funds, as their activities will be subject to more effective monitoring by obliged entities, FIUs and law enforcement.

6. EU Victims || EU Society/citizens || Strengthening the AML/CFT framework should have societal benefits – protecting society against terrorism and criminal abuse of the financial system.

7. Non EU Victims || Society/citizens/governments in third countries || The adoption of international standards should mean that high AML/CFT standards are achieved across the globe. Strengthening the EU system should ensure that the proceeds of corruption, which drain away wealth and resources from third countries, and the proceeds from all other predicate offences are less easily processed through the EU financial system.

VII. Analysis of other impacts VII.1. Impact on fundamental rights

The Commission's proposal, which has to respect the Charter of Fundamental Rights of the European Union ('the Charter')[85], should strengthen fundamental rights laid down in the Charter. The proposal will help to protect the fundamental right to life (Article 2 of the Charter) which is threatened by criminal activities and terrorism. The Charter also recognizes as a fundamental right the protection of private life and personal data (Articles 7 and 8 of the Charter).  Article 52 of the Charter[86] recognizes that some limitations to fundamental rights may be laid down by law if proportionate and necessary, for example to protect fundamental rights and liberties of other people [87]. Finally, the proposal will have no impact on the right to an effective remedy and to a fair trial (Article 47 of the Charter), as no changes to the current provisions are proposed in this respect . Although legal professions regularly express concerns that this right and their obligation of professional secrecy would be violated by AML/CFT obligations to report suspicious transactions,  the European Court of Justice[88] has ruled that since reporting obligations only apply to activities of a financial or real estate nature and do not apply in the context of judicial proceedings, they fall outside the scope of the right of a fair trial.

AML/CFT legislation requires obliged entities to know their customers – as well as certain other persons who are not always their customers (e.g. beneficial owners) – and to assess their associated ML/TF risks. For that purpose, obliged entities need to collect, process and record personal data, and sometimes to share such data with public authorities (such as FIUs) or with private entities within the same group. These requirements have implications for such persons with respect to their rights regarding respect of private life and protection of personal data while having an overall security impact (general interest).

The proposal should also reinforce fundamental rights by bringing clarification on how institutions need to apply AML/CFT requirements in a way which is compatible with a high level of protection of data, in comparison to the current situation where legal uncertainties can lead to inefficient outcomes (i.e. as regards their degree of protection of data). As an example, by specifying the conditions under which data can be retained, protection of data subjects will be strengthened.

The different options considered in this impact assessment[89] and aimed at clarifying data protection rules will not have identical impacts on fundamental rights. Under Dimension13 in Table 7, the option which aims to clarify the interaction of data protection and AML/CFT rules at EU level would be the only option which would ensure the same level of protection for all citizens of the EU, whereas clarification at Member State level would leave room for divergent interpretations, incoherence across Member States and would thus not place all EU citizens on an equal footing.

Some of the proposed measures considered in this impact assessment may involve a degree of limitation to the right of respect for private life and data protection, such as the proposal to enhance availability of information on shareholders, beneficial ownership and nominees (Dimension 6). The proposal would limit the possibility for some persons to make use of corporate vehicles where beneficial ownership information is not always immediately apparent. However, this limitation would be formulated in a clear and proportionate manner (these persons would need to know in advance that information on them could be accessed, as this possibility would be foreseen in the law) and the Commission considers it necessary in order to achieve the objectives of enhancing the effectiveness of the fight against ML/FT and complying with the new international Recommendations. Currently there is a gap in the AML legislation, as institutions are required to know their customers and understand the nature of their business, but have difficulties to access information on them as such information is not publicly available. This limitation would also be proportionate to the aim and preserve the essence of the right. It would still be possible to use legal entities and arrangements such as nominee companies or trusts, but information on them would be more accessible. The different options considered with respect to availability of beneficial ownership information would not have identical impacts on fundamental rights. If availability of information were limited to competent authorities and obliged entities, the limitation would be strictly proportionate to what is necessary to achieve the objective of helping obliged entities to know their customers. If information were to be made available to all citizens though a public register, this would constitute a more substantial limitation to the privacy right, but would allow the attainment of other objectives, such as helping other entities not covered by the directive in their fight against ML/TF (e.g NGOs) or fighting tax evasion.

Despite the limitations, requiring enhanced availability of information on shareholders, beneficial owners and nominees would also strengthen privacy and data protection rights, as the information obtained by covered institutions would come directly from the legal persons itself, rather than from potentially less trustworthy sources. 

VII.2. Impacts on Small and Medium-Sized Enterprises (SMEs)

The changes to the framework are expected to impact SMEs from two different perspectives:

· SMEs which are gatekeepers under the AML framework will be affected by the proposed changes: the most significant change is likely to be the enhancement of the risk-based approach, intended to lead to more effective allocation of resources within companies.  SMEs operating under the framework (e.g. small offices of lawyers or accountants, independent professionals, and smaller financial institutions, etc.) have frequently complained that AML/CFT rules have been designed with larger financial institutions in mind, and that they do not have adequate resources to conduct the same level of control as would, for example, a large multi-national bank. The enhanced use of the RBA should allow focus on the riskier elements of business, and for those involved in businesses where ML/TF risks can be proven to be lower, the compliance burden with AML rules should be lighter than for those businesses working with higher risk clients (where more thorough checking and monitoring may be required). In some cases, professional organisations can also play an important role to ease the burden of compliance, through the provision of guidance, organization of training courses, submitting law clarification notes, answering doubts in the application of the legislation, etc.[90]There can be significant cost advantages to be gained for SMEs from such approaches[91]. There will also be impacts stemming from, on the one hand, new rules on PEPs, which may require more frequent consultation of external databases (however the costs associated with such checks should not be exaggerated – in the UK a query to a private database costs between £0.15 - £1.00, depending on the profile of the customer), and on the other hand, from the enhanced transparency of beneficial ownership information which should make the job of checking on beneficial ownership of clients easier. Traders in high value goods (e.g. jewellers, second hand car dealers, auction houses, etc.) are likely to be affected by the reduction of the threshold above which they become subject to the AML framework. Such persons will need to make a choice on whether to continue to accept cash above the lowered €7,500 threshold and thus perform customer due diligence checks, or whether to decline such cash transactions and request settlement by other means of payment. As compliance with AML rules requires knowledge of the law, staff training and access to AML-related information and data-bases, it is most probable that the large majority of SME's faced with such choices would opt for the latter option.

· SMEs which are not subject to AML requirements, but which will be affected by the proposed changes: the controls and restrictions which result from the existing preventative framework protect businesses from the risks and harmful effects associated with money laundering and terrorist financing. The most significant change affecting the broader business community will be the introduction of rules on enhancing the availability of beneficial ownership information. The requirement on companies to hold information on their beneficial owners will shift some of the burden from the obliged entities onto their customers, who are better placed to provide information about their ownership. The cost impact for individual firms is not expected to be great, however with an estimated 23 million SMEs in the EU, the cumulative impacts of this measure risk to be rather significant. No major other impacts from the changed rules are to be expected with respect to SMEs.

VII.3. Environmental impacts

The environmental impact of the proposed changes is likely to be minimal.

VII.4. International aspects VII.4.1. International  Standards

The FATF is recognised as the global standard-setter for AML and CFT.  Its recently revised 40 Recommendations set out the international framework that over 180 countries globally (through a network of regional bodies) seek to implement.  They form the basis for a co-ordinated response to potential threats to the integrity of the financial system and help ensure a level playing field.  The Recommendations set out the measures that countries should have in place within their criminal justice and regulatory systems; the preventive measures to be taken by financial institutions and other businesses and professions; measures to ensure transparency on the ownership of legal persons and arrangements; the establishment of competent authorities with appropriate functions, and powers and mechanism for cooperation; and arrangements to cooperate with other countries.

The FATF evaluates the progress of its members in implementing necessary measures and sets remedial action if it deemed appropriate.  In collaboration with other international stakeholders, the FATF works to identify national-level vulnerabilities with the aim of protecting the international financial system from misuse.

As a founder Member of the FATF, the European Commission participated in the process of revising the FATF Recommendations and has fully endorsed the revisions.  Given that all EU Member States will be subject to mutual evaluations conducted by either the FATF (of which 15 Member States are members) or Moneyval (a FATF-style regional body of which 12 Member States are members), it is appropriate that changes to the Third AMLD be consistent with the new international standards.

VII.4.2. Third Country Equivalence

The EU's Third Country Equivalence process involves an assessment of countries that are deemed to have AML/CFT systems that are "equivalent" to those set out in the Third AML Directive.  Countries that are deemed to have "equivalent" systems are named in a list drawn up by representatives of Member States.  The grounds for inclusion in the list are set out in the "Common Understanding" drawn up by representatives from Member States.  Under the Third AMLD equivalent status gave the possibility for obliged entities in EU Member States to apply reduced measures (for example, simplified customer due diligence measures) in respect of financial institutions from equivalent third countries.  It appears that some third countries saw inclusion on the list as a form of unofficial endorsement of the soundness of their AML/CFT systems from the Member States.  The move towards a more risk-sensitive system, whilst maintaining some version of a list as an evidential factor of lower geographical risk will still allow comparison of the quality of third country regimes with the AML Directive and could make business with institutions in third countries easier (for example, by applying simplified customer due diligence measures).

VII.4.3. Competitiveness of EU

Although tougher AML/CFT measures will result in some cost burden for obliged persons and entities, the EU should aim to have AML/CFT systems that are robust and that protect the integrity of the financial system within the single market. This should increase the attractiveness of conducting legitimate business in the single market area and maintain confidence in the financial system by those that seek to use it for legitimate purposes.

  VIII. Overall impacts of the package VIII.1. Impacts of the preferred policy options

The preferred policy options outlined in this impact assessment are intended to address the problems as outlined in the problem definition, i.e.:

· Adaptation of the framework in order to adhere to recently revised international AML/CFT standards;

· Clarification of the rules so as to ensure consistent application throughout the EU, but in a way which ensures an appropriate degree of consistency;

· Ensuring that the rules appropriately address existing and newly emerging threats.

While the negative implications of not having in place such systems are explored in various parts of this impact assessment, it is impossible to provide an accurate quantitative estimate of the benefits of having in place up-to-date, internationally compliant rules which are coherent across the Internal Market. The World Bank describes the benefits as follows: "..an effective framework for anti-money laundering (AML) and combating the financing of terrorism (CFT) have important benefits, both domestically and internationally, for a country. These benefits include lower levels of crime and corruption, enhanced stability of financial institutions and markets, positive impacts on economic development and reputation in the world community, enhanced risk management techniques for the country’s financial institutions, and increased market integrity."[92]

The adaptation of the framework to stricter international standards, coupled with the additional changes which are proposed as a result of the Commission's own review process are expected to represent a substantial strengthening of the overall framework. The envisaged changes should mean that:

· a broader scope will address additional areas of risk,

· cross-border compliance should be strengthened

· greater coherence between national rules achieved,

· greater effectiveness should result from more targeted and risk-sensitive rules.

In particular, the risk-based approach is not intended to lead to any lessening of standards, but on the contrary it calls for increased vigilance and its application should allow for the most significant AML/CFT risks to be more effectively targeted.

The FATF is increasingly focussing on the effectiveness of AML rules, as opposed to simple compliance. New ways to evaluate the national implementation of standards are currently being developed, which should mean that there will be increased onus on competent authorities to demonstrate that their systems are really working and keeping money launderers and terrorists out of the system.

The preceding sections have described the impacts the proposed measures are expected to have from a variety of different perspectives.

In terms of cost impacts, it is clear that the implications will be very different according to the situation of various stakeholders. The most significant cost factors associated with AML compliance are those connected with initial one-off costs associated with the introduction of new systems, training, consultancy, etc. On the basis of a previous Commission study[93], it is already clear that how high those costs are likely to be will very much depend on the type of strategy adopted to ensure compliance (e.g. focus on automated processes, as opposed to manual processes). It will also depend on the degree of AML/CFT risk associated with the nature of each business. Experience in the financial sector suggests that one-off AML compliance costs can amount to as much as 10% of all their regulatory compliance costs, although caution is required when attempting to extrapolate such data to other obliged entities operating very diverse business models. It is not expected that existing obliged entities will be unduly impacted by the envisaged changes, as they have already made systems investments which should be relatively easily adapted without the need for heavy new investments. The same cannot however be concluded with respect to entities who were hitherto outside the scope of the AML framework but who will need in future to apply AML/CFT rules. This is notably the case in the gambling sector, where in a number of Member States only "traditional" casinos are currently within the scope of national rules[94].

In terms of impacts on Member States' AML regimes, the fact that the international standards have been applied and evaluated in all Member States, coupled with the fact that all EU Member States have fully implemented existing EU rules, suggests that the impact of introducing a revised set of internationally agreed rules via the Commission's proposals should not unduly advantage or disadvantage particular Member States. The quantity and variety of changes will have different implications for the modification of existing legal frameworks at national level. Those frameworks have been conceived to function in different broader legal environments, and therefore the specific impacts in Member States are likely to differ accordingly. Some examples of different Member State approaches have been provided in this impact assessment (e.g. see Box 5 on the different approaches to the calculation of the 25% beneficial ownership threshold, Table 5 on transactions for cash thresholds, Annex VIII comparing EU MS' sanctions and penalties, Annex IX on EU MS' approaches to the regulation of the gambling sector).

In terms of other impacts, consideration has been given to how the envisaged measures would affect:

· Stakeholders – both those falling under the scope of the existing framework, and other stakeholders affected by the changed rules.

· Fundamental rights, where it is particularly important to ensure an appropriate balance between effectiveness of AML/CFT measures and the respect to data protection and privacy.

· SMEs, where a distinction is drawn between the impacts on SME's which fall under the scope of the AML/CFT framework, and the impacts on SME's in general.

· The environment – where no significant impacts are foreseen.

· The international dimension, where in particular the current approach towards recognition of third country equivalence needs to be adapted to the risk based approach, which should consequently mean that in future geographical location will be just one factor in a broader assessment of ML/TF risks.

In conclusion, the Commission considers that the proposed rule changes are proportionate to the objectives. By ensuring a tailored and flexible approach, Member States should not be constrained from adopting measures and taking actions as necessary to counter important threats they may confront at national level. The inclusion of processes at EU level to ensure greater coordination and the development of supranational approaches, together with further harmonisation in specific areas should ensure that EU objectives are also met.  Although ensuring an effective AML/CFT system entails considerable costs for obliged entities (these costs have been analysed in Annex IV), the Commission considers that the (much harder to quantify) benefits associated with preventing money laundering and terrorist financing will continue to outweigh the costs, also the new costs arising from the changes to the framework.

VIII.2. Coherence with other EU initiatives

The proposed adaptation to the AML/CFT framework is fully coherent with EU policies in other areas, in particular:

· The Stockholm Programme[95], which aims at achieving an open and secure Europe serving and protecting citizens, calls on Member States and the Commission to further develop information exchange between the FIUs, in the fight against money laundering.

· The EU's Internal Security Strategy[96] identifies the most urgent challenges to EU security in the years to come and proposes five strategic objectives and specific actions for 2011-2014 to help make the EU more secure. This includes tackling money laundering and preventing terrorism. The need to update the EU AML/CFT framework with a view to enhancing the transparency of legal persons and legal arrangements has been specifically recognised.

· In March 2012, the European Commission adopted a proposal on the freezing and confiscation of proceeds of crime in the European Union[97] which seeks to ensure that Member States have in place an efficient system to freeze, manage and confiscate criminal assets, backed by the necessary institutional setup, financial and human resources.

· With respect to data protection, the envisaged clarifications to the Third AMLD are fully in line with the approach set out in the Commission's recent data protection proposals[98]. The Commission’s AML proposals will strengthen protection of personal data, by limiting the length of time and stipulating the conditions data can be retained by obliged entities, and will clarify the conditions under which transfers to third countries may take place.

· With respect to sanctions, the proposal to introduce a set of minimum principles-based rules to strengthen administrative sanctions is fully in line with the Commission's policy as outlined in its Communication "Reinforcing sanctioning regimes in the financial services sector"[99].

· With respect to financial inclusion, the fact that applying an overly cautious approach to AML/CFT safeguards might have the unintended consequence of excluding legitimate businesses and consumers from the financial system has been recognised. Work has been carried out on this issue at international level[100] to provide guidance to provide support countries and their financial institutions in designing AML/CFT measures that meet the national goal of financial inclusion, without compromising the measures that exist for the purpose of combating crime. At EU level, the issue of financial inclusion is currently under consideration as part of the work on a Bank Accounts package.

IX. Monitoring and Evaluation

The Commission is the guardian of the Treaty and will therefore need to monitor how Member States have implemented the changes to the Third AMLD and the FTR.  Where appropriate and on request, the Commission services will offer assistance to Member States, throughout the implementation period, for the implementation of the legislative changes in the form of transposition workshops with all the Member States or bilateral meetings. Wherever necessary, the Commission will follow the procedure set out in Article 258 of the Treaty in case any Member State fails to respect its duties concerning the implementation and application of Community Law.

The Commission will work with the joint Committee of the European Supervisory Authorities on AML (AMLC), which in particular produces reports on the implementation of the third AML Directive in some specific areas[101] in order to monitor the application of the new legislative framework. The Committee on the Prevention of Money Laundering and Terrorist Financing (CPMLTF), could also serve as a forum for sharing information on application issues. The Commission services may also use the findings of studies carried out by stakeholders or Member States as well as any feedback from meetings with private stakeholders. Consideration will also be given to commissioning an external study as appropriate[102].

Monitoring of the application of the AML Directive will also take place indirectly through the mutual evaluation processes of the FATF (15 EU Member States are members of this body) as well as Moneyval (the other 12 Member States are members of this body). This peer review process[103] is an essential and rigorous process to ensure that Member States comply, both in law and in practice, with FATF international standards, from which most of the requirements of the AML Directive are derived. Evaluations take place around every 5-7 years for each country and can be complemented by follow-up reports, usually every 2 years (or more frequently if the deficiencies identified require it). The FATF is placing increased emphasis on the assessment of effectiveness of measures, as opposed to compliant legal frameworks. The mutual evaluations concerning individual EU Member States will represent an important element for the Commission's own evaluation of the effectiveness of the legal framework.

As these monitoring options would make use of the existing European or International structures and would not require the setting up of a new instrument, they would entail limited cost at EU level. 

As regards progress indicators for the key objectives, good ratings in FATF or Moneyval reports on EU Member States would be indicators of the consistency of the EU approach with international standards and of the preservation of the EU financial system's reputation. The number of suspicious transaction reports, investigations, prosecutions or sentences in the different Member States, compared to those of the previous years, can also constitute a starting point to measure progress in effectiveness of the system against ML/FT[104].

Efforts to monitor effectiveness through the compilation of data at EU level have been made by the Commission, and are described in Annex VII.

Reports produced by the AMLC can also be excellent indicators of the state of coherence of AML legislation and supervisory implementation across Member States in some specific areas[105].

An ex-post evaluation of the application of the revised Directive should take place after the entry into force of the legislative measure in the form of a Commission report to the Council and the European Parliament[106].

X. Annexes ANNEX I: Glossary

Anti-Money Laundering Committee (AMLC) || The Joint Committee of the European Supervisory Authorities´ Sub Committee on Anti-Money Laundering (AML Committee, AMLC) assists the European Supervisory Authorities in a supervisory capacity, to ensure a consistent implementation of the EU law.

Article 29 Working Party on Data Protection || The Article 29 Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.

Beneficial Owner || Article 3(6) of the Third AMLD defines “beneficial owner” as the natural person(s) who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted.

Committee for the Prevention of Money Laundering and Terrorist Financing (CPMLTF) || Established by Article 41 of the Third AMLD, the role of the CPMLTF, made up of designated Member States representatives as well as a number of observers, is to assist the Commission in the development of AML/CFT policy.

Customer Due Diligence (CDD) || Customer Due Diligence is described in Chapter II of the third AMLD. The "regular" level of CDD imposes a duty on the obliged entity to identify and verify their customers and customers' beneficial owners, to understand the purpose and nature of the business relationship as well as to conduct ongoing monitoring.

Deloitte study || A Study on the Application of the Anti-Money Laundering Directive carried out on behalf of the European Commission (DG Internal Market and Services): http://ec.europa.eu/internal_market/company/docs/financial-crime/20110124_study_amld_en.pdf

Designated Non Financial Businesses and Professions (DNFBPs) || Those entities which are not credit or financial institutions but which fall under the scope of the Third AMLD, i.e.: · Auditors · External accountants · Tax advisors · Notaries and Independent legal professionals (involved in transactions) · Trust or company service providers · Real estate agents · Casinos · Other natural/legal persons trading in goods when cash payments <€15,000

Egmont Group || The Egmont Group of Financial Intelligence Units is an informal international gathering of financial intelligence units (FIUs). The goal of the Egmont Group is to provide a forum for FIUs around the world to improve cooperation in the fight against money laundering and financing of terrorism and to foster the implementation of domestic programs in this field.

Enhanced Due Diligence (EDD) || In the case of EDD, the obliged entity must take a number of prescribed further customer due diligence steps, albeit on a risk-sensitive basis.

European Supervisory Authorities (ESAs) || · European Securities and Markets Authority (ESMA) · European Banking Authority (EBA) · European Insurance and Occupational Pensions Authority (EIOPA). Set up in January 2011, the ESAs are tasked with financial stability and strengthening and enhancing the EU supervisory framework. Jointly they are responsible for the Anti-Money Laundering Committee (see separate explanation)

FATF fourth round evaluation process || The FATF conducts evaluations of its members, and completed the third round of these mutual evaluations in 2011.  The fourth round is expected to commence in 2013.

Financial Action Task Force (FATF) || An inter-governmental body established in 1989 by the Ministers of its Member jurisdictions and organisations.  The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. 

Financial Intelligence Unit (FIU) || Article 21 of the Third AMLD requires the establishment of an FIU which serves as a national centre for receiving, analysing and disseminating to the competent authorities suspicious transaction reports and other information regarding potential money laundering or terrorist financing.

FIU Platform || The “EU Financial Intelligence Units’ Platform” was set up in 2006 by the European Commission. It gathers Financial Intelligence Units from the Member States. Its main purpose is to facilitate cooperation among the FIUs.

Internal Security Strategy || The EU's Internal Security Strategy identifies the most urgent challenges to EU security in the years to come and proposes five strategic objectives and specific actions for 2011-2014 to help make the EU more secure. This includes tackling money laundering and preventing terrorism.

Legal arrangements || According to the FATF definition, legal arrangements refer to express trusts or other similar legal arrangements. Examples of other similar arrangements (for AML/CFT purposes) include fiducie, treuhand and fideicomiso.

Legal persons || Any entities other than natural persons that can establish a permanent customer relationship with a financial institution or otherwise own property.  This can include companies, bodies corporate, foundations, Anstalt, partnerships, or associations and other relevant similar activities.

Money Laundering (ML) || Money laundering is defined in the Third AMLD as follows: The following conduct, when committed intentionally, shall be regarded as money laundering: (a) the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such activity to evade the legal consequences of his action; (b) the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of property, knowing that such property is derived from criminal activity or from an act of participation in such activity; (c) the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such activity; (d) participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions mentioned in the foregoing points.

Moneyval || Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism. Moneyval currently comprises 30 members which are subject to its evaluation processes and procedures, including the 12 EU Member States which are not members of FATF. The aim of Moneyval is to ensure that its member states have in place effective systems to counter money laundering and terrorist financing and comply with the relevant international standards in these fields.

Obliged entities and persons || Article 2 of the Third AMLD imposes obligations on financial institutions, auditors, external accountants, tax advisors, notaries and other legal professionals (when participating in any financial or real estate transaction), trust or company service providers, real estate agents and casinos. There is also an obligation on other natural or legal persons trading in goods where payment is made in cash equal to or above €15,000.

Payment Service Provider (PSP) || As defined in Art 4(9) of Directive 2007/64/EC (the "Payment Services Directive"), i.e. credit institutions, E-Money institutions, post office giro institutions providing payment services, payment institutions, European Central Banks and national Central Banks when not acting in their capacity as monetary or other public authorities, Member States or their regional or local authorities when not acting in their capacity as public authorities.

Politically Exposed Person (PEP) || The Third AMLD defines “politically exposed persons” as natural persons who are or have been entrusted with prominent public functions and immediate family members, or persons known to be close associates, of such persons.

Predicate offence || Are serious crimes as described in Art. 3(5) of the Third AMLD. The listed categories of crimes are those for which transformation of the proceeds are considered to give rise to money laundering.

Risk Based Approach (RBA) || Under the revised FATF recommendations, the risk-based approach allows countries and obliged entities and persons to adopt a more flexible set of measures in order to comply with certain Recommendations. This helps them to target their resources more effectively and apply preventive measures that are commensurate to the nature of risks, in order to focus their efforts in the most effective way.

Simplified Due Diligence (SDD) || SDD permits obliged entities to perform reduced customer due diligence measures for certain types of customer or business.

Suspicious Transaction Reports (STRs) || A disclosure made to a Financial Intelligence Unit (FIU) by an obliged entity or competent authority  having an obligation to disclose based on the  suspicion or reasonable grounds to suspect that money laundering or terrorist financing is being or has been committed or attempted.

Terrorist Financing (TF) || Terrorist financing means the provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offences within the meaning of Articles 1 to 4 of Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism as amended by Council Framework Decision 2008/919/JHA.

Trust and Company Service Providers (TCSPs) || As defined in Art. 3(7) of the Third AMLD: "Any natural or legal person which by way of business provides any of the following services to third parties: (a) forming companies or other legal persons; (b) acting as or arranging for another person to act as a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons; (c) providing a registered office, business address, correspondence or administrative address and other related services for a company, a partnership or any other legal person or arrangement; (d) acting as or arranging for another person to act as a trustee of an express trust or a similar legal arrangement; (e) acting as or arranging for another person to act as a nominee shareholder for another person other than a company listed on a regulated market that is subject to disclosure requirements in conformity with Community legislation or subject to equivalent international standards;"

ANNEX II: The Development of EU and International Policies to Combat Money Laundering and Terrorist Financing

At international level, the FATF has developed a series of Recommendations that are recognised as the international standard for combating of money laundering and the financing of terrorism.  The FATF Recommendations were first issued in 1990, and revised in 1996, 2001, 2003 and most recently in 2012, after an extensive process involving experts from members, to ensure that they remain up to date and relevant.

The FATF monitors the progress of its members in implementing necessary measures, reviews money laundering and terrorist financing techniques and counter-measures, and promotes the adoption and implementation of appropriate measures worldwide.  The FATF has completed the third round of mutual evaluations of its members, and will commence the fourth round of mutual evaluations at the end of 2013.  The results of these assessments are made public and any short-comings identified in the reports are subject to a rigorous follow-up process.

The G20 has recognised and endorsed the revision of the FATF Recommendations and the work of the FATF.

In the EU, there has been a progressive introduction of rules to establish a preventative framework designed to protect the financial system.

The first elements of the EU Anti-Money Laundering framework were put in place through the adoption of Council Directive 91/308/EEC of 10 June 1991 on prevention of the use of the financial system for the purpose of money laundering. It required Member States to prohibit money laundering and to oblige the financial sector, comprising credit institutions and a wide range of other financial institutions, to identify their customers, keep appropriate records, establish internal procedures to train staff and guard against money laundering and to report any indications of money laundering to the competent authorities. The financial sector has progressively implemented AML regimes, and now files by far the largest number of suspicious transaction reports to Financial Intelligence Units (see Table 2 in section III.3.2).

Over the years, the rules have been reinforced.

The Second Anti Money Laundering Directive (2001/97/EC):

· Clarified to which national authorities suspicious transaction reports from foreign branches of credit and financial institutions should be sent;

· Clarified the scope of obliged entities by confirming the inclusion of bureaux de change, money transmitters and the activities of investment firms;

· Expanded the scope of predicate offences to bring it in line with the 1996 FATF 40 recommendations;

· Extended the Directive's obligations concerning customer identification, record keeping and the reporting of suspicious transactions to notaries and independent legal professionals when participating in financial or corporate transactions, whilst allowing bar associations or the self regulatory bodies to receive reports for possible onward transmission to authorities responsible for combating money laundering.

The Third Anti Money Laundering Directive (2005/60/EC) updated the EU framework in light of the expanded FATF standards, which had been revised in 2003. The new provisions:

· Brought the definition of serious crime into line with the definition of serious crime in Council Framework Decision 2001/500/JHA of 26 June 2001 on money laundering, the identification, tracing, freezing, seizing and confiscation of instrumentalities and the proceeds of crime.

· Extended the preventive measures to the collection of money or property for terrorist purposes;

· Introduced more specific and detailed provisions relating to the identification of the customer and of any beneficial owner and the verification of their identity;

· Clarified that the obligations from the Directive also applied to activities performed on the Internet;

· Extended the scope of the Directive to cover life insurance intermediaries and trust and company service providers

In addition to these developments, the AML/CFT framework is completed by a number of EU instruments:

· Directive 2006/70/EC (the "implementing Directive") lays down implementing measures for Directive 2005/60/EC as regards the definition of politically exposed person and the technical criteria for simplified customer due diligence procedures and for exemption on grounds of a financial activity conducted on an occasional or very limited basis.

· Regulation 1781/2006 on information on the payer accompanying transfers of funds: the Regulation requires information on the payer to accompany transfers of funds, with the objective of ensuring prevention, investigation and detection of money laundering and terrorist financing. The Regulation covers all types of funds transfers carried out by electronic means in any currency, from a payer to a payee, which are sent or received by a Payment Service Provider (PSP) established in the EU (Art. 3.1). This is in order to make it easier for law enforcement authorities to track funds transferred electronically by terrorists and criminals.

· Regulation 1889/2005 on controls of cash entering or leaving the Community places an obligation on any natural person entering or leaving the EU and carrying cash of a value of €10,000 or more to declare that sum to the competent authorities. The regulation only covers currency and excludes gold or precious metals. In the event of failure to comply with the obligation to declare, cash may be detained by administrative decision in accordance with national legislation.

· Council Decision 2000/642/JHA introduces arrangements to facilitate the cooperation of exchanging information between FIUs in the Member States. The Decision seeks to address the difficulties in communication and exchange of information among FIUs that result from existing different legal status (administrative, judicial or law enforcement based) and providing for direct communication between them. The Decision reflects the standards and principles established by the Egmont Group[107] as well as the recommendations of the FATF.

· Council Framework Decision 2001/500/JHA seeks to implement concrete steps on money laundering, the identification, tracing, freezing, seizing and confiscation of instrumentalities and the proceeds of crime. Member States are also required to take necessary steps to ensure that all requests from other Member States, related to asset identification, tracing, freezing or seizing and confiscation, are processed with the same priority given to domestic proceedings.[108]

· Council Framework Decision 2002/475/JHA of 13 June 2001 on combating terrorism  which urges EU Member States to align their legislation and setting out minimum rules on terrorist offences. After defining such terrorist offences, the framework decision lays down the penalties that EU countries must incorporate in their national legislation.

ANNEX III: Detailed Assessment of Policy Options

The following tables set out policy options in a number of specific areas where  operational objectives have been identified in section IV. In many cases, the operational objectives may address two or more of the problem drivers. However for the sake of avoiding repetition, the operational objectives are analysed under only one heading, on the understanding that certain options may also address other problem drivers.

I. Policy Options relating to Operational Objective 1 (Ensure that the EU approach is consistent with the approach followed at international level by extending the scope of application, strengthening and clarifying current requirements).

1. Tax Crimes: inclusion of tax crimes in the scope

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. General reference to tax crimes in the Directive, but without precise definition || +  Clear signal + Some degree of convergence + In line with Operational Objective 1 + Partially in line with Operational Objective 2 || + Some convergence will improve certainty || + Coherent with policies aimed at reinforcing the fight against tax fraud and tax evasion

- Risk of incoherent MS approaches || - Still some incoherence across MS risks burdens for cross-border business ||

 3. Make tax crimes a specific predicate offence and detail the circumstances in which the offence is committed || + Clear signal + Coherence across MS + In line with Operational Objective 1 + Partially in line with Operational Objective 2 || + More efficient for cross-border business || + Coherent with policies aimed at reinforcing the fight against tax fraud and tax evasion

- lack of flexibility may create vulnerabilities || - Substantial difficulties to agree a common definition || - Risk to delay agreement on the full package

The revised international standards require that AML/CFT regimes incorporate "tax crimes" as a new predicate offence to money laundering. No further definition is given as to what "tax crimes" should mean. Three options are considered:

1. No change: this option would entail no additional cost and possibly be easy to agree politically. Given the existing "all serious crimes" approach in the current Directive[109], it could be argued that the existing approach in the Directive is already compliant with the new international standard. However such an approach might come at the cost of coherence between EU approaches on tax crimes, and the absence of explicit reference to tax crimes in the Directive might call into question whether the EU framework was really fully compliant with international standards.

2. Include a general reference to tax crimes in the Directive, but without a precise definition: this option would entail including a specific reference to tax crimes as a predicate offence. By using the existing threshold approach in the Directive (it is a serious crime if it is punishable by at least a maximum penalty of one year of deprivation of liberty), a degree of consistency across Member States would be achieved, although differences across jurisdictions would still remain – as is the case in most matters involving fiscal harmonisation. It would comply with the international standards and send a clear signal with respect to tax crimes.

3.  Make tax crimes a specific predicate offence and detail the circumstances in which the offence is committed: this would be the optimal option with respect to meeting Internal Market goals. It would however go beyond the first operational objective of ensuring consistency with international standards, and would not be fully consistent with the second operational objective given the limited flexibility. It would potentially come at the cost of substantial delays due to political difficulties to agree on a common list of types of tax evasion behaviour which would need to be included. Such problems would risk jeopardising agreement on the broader AML/CFT legislative package, and compromise efforts to align the framework with international standards ahead of the FATF's Fourth Round evaluation process.

Stakeholders' views

The majority of stakeholders favoured explicit coverage of tax crimes, viewing this either as necessary, or not interfering with their national legislation (where the "all crimes approach" has already been introduced).  Only around a quarter of respondents who expressed a view on this topic considered the existing provision to be sufficient.  Almost all of these stakeholders  would nevertheless support the inclusion of tax crimes as a predicate offence on condition that the definition was limited to "serious" tax crimes, possibly by applying a threshold, and that errors e.g. in completing tax compliance steps, as well as legitimate tax planning activities would not be included.

Conclusion

In view of the need to more clearly reflect tax crimes in the EU framework, but given the significant obstacles that would be faced with respect to securing agreement on a precise definition, the Commission has a clear preference for option 2, which although not achieving full consistency, will nevertheless achieve a degree of coherence between Member State approaches.

2. National Risk Assessments: Strengthen the requirement on Member States to identify assess, understand and mitigate ML/TF risks

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Introduce requirement for MS to carry out risk assessment, with option for supranational risk assessments in areas to be determined by EC (e.g. by AMLC, FIU platform, Europol). || + Meets the objective + Each MS able to concentrate on their own risks || + Flexibility allows MS some regional divergence + Can use national risk assessments to feed into EU-wide assessments as the concept matures || + Use of supranational assessments brings convergence and contributes to the Internal Market

|| - Costly supra-national elements || - Could be some fragmentation if each MS uses a different methodology

3. Introduce prescriptive set of measures to: · Carry out supranational risk assessment at EU level · Take specified action to mitigate risks at EU level   || + Meets objective || +Obliged entities have certainty || + Greater convergence

- Unless done comprehensively and regularly, could result in missing the objective || - Very costly supra-national risk assessment required - Needs to be kept up to date = resource intensive - Single approach not flexible || - Mandating action to be taken could lead to competitive disadvantage for the single market

The new FATF standards broaden the application of the RBA. At national level, countries are obliged to identify, assess and understand ML/TF risks, and to apply resources to mitigate those risks. Countries need to ensure that higher risks are identified and mitigated, but may permit simplified measures for certain requirements when lower risk has been identified. The FATF acknowledges that AML/CFT risk assessments at a supranational level should be taken into account. Three options on how to reflect the need for national/supranational risk assessments are considered:

1. No change: this option would entail no additional cost. However, as the existing EU rules contain very little about the need to understand and mitigate risks, it would leave the EU framework out of compliance with the international standards, and would likely result in different approaches being followed by Member States.

2. Introduce a new requirement in the Directive for Member States to carry out risk assessments at national level and take measures to mitigate risks, and introducing the possibility for supranational risk assessments to be undertaken in areas to be determined, based on detailed work to be undertaken at EU level (e.g. by AMLC, FIU Platform, Europol). Coordination could be provided at EU level, and supranational approaches developed at EU level derived from the national risk assessments, in areas where risk factors common to the EU as a whole have been identified. This option, which recognises the fact that ML/TF risks facing jurisdictions are not always the same and need to be individually assessed, would meet the objective of strengthening the requirement to carry out national risk assessments. The approach would be fully in line with international standards, and would also recognise the specific supranational character of the European Union. However it would not achieve full convergence between Member States' risk assessments.

3. Introduce a prescriptive set of measures to carry out a supranational risk assessment at EU level and prescribe specified actions to mitigate risks at EU level: this option would treat the EU as a single jurisdiction, and would result in greater convergence between Member States' approaches. However it also carries a risk of missing the objective if the supranational risk assessment is incomplete or not updated regularly, and would be resource intensive and costly at EU level. Any inflexibility resulting from such an approach might expose the EU framework to criticism from international standard setters that risks were not being adequately and appropriately assessed.

Stakeholders' views

Stakeholders expressed strong support for the idea of broadening the application of the RBA.  There was strong support amongst almost all respondents (public authorities, private sector and civil society stakeholders) who agreed with the general approach.  Different views were however expressed as regards the usefulness of a complementary supranational assessment of the risk.  Whereas a significant majority of public authorities were in favour, only a minority of respondents from the business segment supported such an idea.  Most of the respondent companies and business federations expressed a preference for sufficient independence and flexibility to assess their own ML/FT risk, which would allow them to tailor adequate procedures taking into account the characteristics of the specific sector/product concerned.

Conclusion

In view of the need that risks will first and foremost need to be identified at national level, and in light of the complexities and inflexibility associated with a single EU supranational risk assessment, the Commission has a clear preference for option 2.

3a.            Customer Due Diligence (risk based approach): Clarify when obliged entities must apply EDD and when they may apply SDD.

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. MS to ensure that EDD is conducted, with the option of allowing SDD to be conducted.  Examples given of the risk factors to be taken into account. || + Targeted approach to risk + Allows flexibility to respond to emerging threats || + Targeted approach to dealing with risks will result in better mitigation + More cost-effective and efficient allocation of resources || + Issuance of guidelines by ESAs will represent  a cross-EU solution to an existing problem

- Could be differences of interpretation || - Possible short-term costs of implementing systems || - Possible differential use of risk factors will give different risk profiles amongst obliged entities in different MS.

3. Prescriptive measures specifying when to carry out SDD and EDD and what measures to take.   || + Gives a consistent approach in the Directive || + Some level of certainty || + Arguably ensures a single approach

- Solution does not target the risks involved, and thus the objective is not met in the longer-term || - Does not target risk - Would require a resource-intensive EU-wide risk assessment. - Resources of obliged entities could be spent on the wrong risks || - Need a full supra-national assessment of ML/TF risks in the EU

The current AML Directive recognises that enhanced and simplified CDD should be carried out in certain specified situations.  However, the approach to simplified CDD has led to criticism in mutual evaluation reports of Member States, where the assessors interpreted the measures as requiring no CDD, as opposed to reduced CDD measures.   The revisions to the FATF standards develop categories of risk factor that should be taken into account in determining whether enhanced CDD should be carried out, and whether simplified CDD may be carried out.  Three options are considered:

1. No change to the existing Directive: this option would not properly address the deficiencies found in evaluation reports of Member States and would result in poor compliance ratings for MS going forward.  In addition, the prescriptive measures are not commensurate to the risks posed, and thus are ineffective, with obliged entities having to channel resources to areas without commensurate risks.

2. An obligation on Member States to ensure that enhanced CDD is carried out in areas of high risk and an option for Member States to allow simplified CDD in lower risk situations, with examples of the factors to be considered (such as geography, customer type, delivery channel etc.) would be a proportionate and flexible solution, allowing a targeted response to potential risks.  In addition, this approach is in line with the greater emphasis on risk and the results of risk assessments that the revised FATF standards require. To address Internal Market concerns caused by the proliferation of different national approaches, work will need to be carried out by the ESAs in order to issue guidelines to Member States on risk factors.

3. A prescriptive listing of when to apply EDD and when SDD may be applied, accompanied by specific measures that must be taken would give some degree of certainty to the process, but would not be flexible enough to deal with the changing nature of ML/TF risks.  In particular, the EU would need to carry out a thorough risk assessment across all Member States, and keep this up to date on an ongoing basis.  This would be both costly and time-consuming, and would not give Member States an opportunity to respond to specific risks that they might be facing, even on a short-term basis.

Stakeholders' views

There was strong support for the idea that a more focussed and risk-targeted approach should apply with respect to EDD and SDD measures.  The support was even stronger as regards the usefulness of establishing guidance on the application of such provisions.  On the other hand, some companies and business federations were concerned that any clarification in the Directive should neither be exhaustive nor automatically lead to the assumption of ML/TF risks.  In particular, these stakeholders pointed out the dangers of an overly rigid regime given the speed of innovation in some sectors (e.g. the payment sector) and the variety of products available.

Conclusion

In view of the need to tailor approaches to the specific risks on the basis of different risk factors, and to maintain an appropriate level of flexibility so as to be able to respond to emerging threats, and given that a targeted approach to risk allows more cost effective allocation of resources the Commission has a clear preference for option 2. The issuance of guidelines on risk factors by the ESAs will be an important element in promoting coherence of approach across Member States.

3b.  Equivalent third countries: Clarify use of "equivalence" of third country regimes

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Remove the concept of positive "equivalence". Non-equivalence to be used as a factor/example of  geographical risk.. || + Allows use of a risk-sensitive approach + Recognises that some third countries do not meet high EU standards || + Some elements of risk assessment carried out across EU || + Consistency of treatment of third countries across the EU

|| - Resources will be needed to update the list of equivalent countries || - Possibility that it will be used differently across the EU

3. No equivalence process. || + Consistent with risk-based approach || + Avoids concentrating on one risk factor (i.e.  geography) ||  

- Does not give any certainty as to how the EU views third countries with "equivalent" regimes || - MS and some parts of the private sector report that equivalence process is useful || - Lack of convergence

The current AML Directive recognises the concept of third country "equivalence", whereby obliged entities are able to apply less onerous measures (for example, in relation to customer due diligence) to financial institution clients from "equivalent" third countries.  This approach has been criticised in mutual evaluation reports as providing an automatic exemption from certain requirements, whilst not being founded on the basis of risk. Three options are considered:

1. No change to the existing Directive: this option would leave the uncertainty of the current provisions.  This would not properly address the deficiencies found in evaluation reports of Member States and would result in poor compliance ratings for MS going forward. 

2. This option would remove the concept of positive "equivalence" and introduce a concept whereby   countries that are deemed to have AML systems that are not equivalent to those in the EU are treated as a factor or example to be taken into account by obliged entities when they are considering higher geographical risk alongside other risks, such as customer type and delivery channel.  This would highlight the risk of doing business with customers in countries which do not have "equivalent" AML/CFT regimes to the EU, and would also make "non-equivalence" part of the overall risk package.

3. The complete removal of the "equivalence" process would leave Member States and obliged entities having to make their own decisions about risk.  Although this would arguably be the most risk-sensitive approach, it would be the least convergent approach and would not recognise an exercise which some Member States and obliged entities find useful. 

Stakeholders' views

Mixed views were expressed by stakeholders as to the usefulness of the listing process and its relevance in light of the revised FATF Recommendations’ focus on a risk-based approach.  The majority supported the listing process as useful (especially for smaller firms), whereas a minority felt that the current regime was of little benefit.  Support for producing a binding list mainly came from the business sector while, according to several public authorities, such lists should rather be just one of a number of indicative factors of geographical risk.  

Conclusion

Most stakeholders have expressed a desire to maintain an EU approach towards equivalence. However the current approach, which is based on Member State assessments which can result in automatic SDD for institutions from "equivalent" third countries, is not sufficiently risk-based. By focusing on pre-existing assessments made at international level on non equivalent regimes, and by ensuring that obliged entities treat this as a risk factor alongside other risks, a consistent approach can be ensured across the EU. The Commission therefore has a clear preference for option 2.

4. Supervision: Introduce more explicit recognition of RBA to supervision

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Recognise that supervision can be risk-sensitive, but leave the detail to be determined at sectoral level || + Meets Operational Objectives 1 and 2 + Can target specific risks in each sector || + Flexible detailed requirements can be changed more easily than revising a Directive + Can be informed by national and sectoral risk assessments || + Consistent with International Standards

|| - Some sectors do not have recognised colleges of supervisors (e.g. in the DNFBP sector) || - May still be elements of divergence between sectors/MS.

3. Supervisors given the power and complete discretion on how to supervise all sectors || + Fully risk-sensitive + Fully in line with Operational Objective 1 (better fits to the FATF standards) || + Allows greater degree of targeting, therefore improved efficiency || + Consistent with International Standards

|| - Not in line with Operational Objective 2 (Lack of convergence) || - Different approach will create inconsistencies and increase costs across borders ||  - Impact on Internal Market

The Third AML Directive requires obliged entities to be "effectively monitored".  The revised FATF standards give specific recognition that supervision of institutions and persons covered by the Recommendations can be carried out on a risk-sensitive basis.  This allows resources to be targeted at areas where risks are thought to be higher.

Three options are considered:

1. No change to the existing provision: supervisors would be able to continue with existing approaches, although those that already use elements of risk-sensitivity would not necessarily be able to make use of the provisions in the revised FATF standards.  Depending on the Member State's interpretation of "effectively monitor", resources might not be used efficiently.

2. Limit the approach in the Directive to a specific recognition that supervision should be carried out on a risk-sensitive basis, with a link made to national and sectoral risk assessments to ensure that the risks are adequately captured, and give a role to the ESAs to develop more detailed measures.   This option would allow supervisors to adopt approaches which are more targeted towards risk. The concept would, however, be more appropriate in developed sectors (such as banking, securities and insurance supervision), and less so in certain DNFBP sectors where a sectoral approach at EU level might not be viable.

3. Allow full discretion for supervisors to apply a risk-sensitive approach to supervision, without any additional measures at EU level as described under option 2.  This option would maximise flexibility for all supervisors, but would potentially lead to a lack of convergence as each sector in each Member State would be supervised according to different risks and principles.

Stakeholders' views

Among the few respondents who expressed a clear view on this topic, there was broad consensus in recognition of the importance of risk-based supervision.  With respect to supervision of cross-border activities, the business sector was concerned that the minimum harmonisation approach should avoid that scope and application substantially differ across Member States, and strongly supported the provision of sectoral guidance.  Some stakeholders also suggested that supervision should focus on less-developed sectors, rather than on high-risk entities which, very often, were better equipped and had more experience in facing the specific ML/FT risks.

Conclusion

In view of the need to reflect the new international standards, maintain a degree of consistency between EU supervisory approaches whilst permitting an appropriate level of flexibility in implementation, the Commission has a clear preference for option 2.

5. Politically Exposed Persons (PEPs): Broaden existing approach to treatment of politically exposed persons (PEPs) to cover domestic PEPs and PEPs working in international organisations on a risk-sensitive basis

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Introduce requirements for domestic PEPs/PEPs in international organisations with risk-sensitive elements || + Meets objective of widening scope + Complies Operational Objective 1 || + Addresses highest risk (foreign PEPs) and allow a graduated approach to other PEPs ||   + Consistent with international standards

|| - Differential approach may lead to inconsistencies ||

3. Extend provisions for international PEPs to domestic PEPs and PEPs in international organisations || +Meets objective  + Requirement goes some way to Operational Objective 3. || + Clarity in requirement ||

- Goes further than objective || - Costly for industry, without corresponding benefit || - Goes further than international standard

The existing EU standards were aimed at PEPs residing in a third country, and require a certain level of enhanced due diligence to be performed.  The revised FATF standards have expanded the definition to include domestic PEPs and PEPs working in international organisations, with enhanced measures to be taken on a risk-sensitive basis.

Three options are considered:

1. No change: although this option would mean the least cost to industry, it would result in EU legislation being below the international standards, and Member States would risk poor compliance ratings in mutual evaluation reports. In addition it would not address an area of potential risk.

2. Introducing provisions for domestic PEPs/PEPs working in international organisations, with risk-sensitive measures to be taken: this option is more in-line with the international standards, and addresses the risks posed by PEPs domestically and those working in international organisations, who might have access to proceeds obtained corruptly.  However, as not all PEPs are automatically higher risk, a risk-sensitive element would be introduced to allow obliged entities to assess the risks that they pose and to apply appropriate mitigating measures, without interfering with the current need to apply higher requirements for foreign PEPs.  The differential approach might cause some confusion for obliged entities, who would need to apply different standards to different categories of PEP.

3. Extend the existing provisions (i.e. a requirement for EDD measures) to all types of PEPs: requiring a certain level of enhanced due diligence to be conducted for each category of PEP would give a degree of consistency to the provisions, and would place the EU ahead of the international standard.  However, the cost of this requirement to industry would arguably outweigh the potential benefit, with obliged entities being required to apply enhanced due diligence to all categories of PEP regardless of the risk.  This would involve a potential waste of resources.

Stakeholders' views

The idea of extending the Directive to domestic PEPs and PEPs working in international organisations was fully supported by public authorities, representatives of liberal professions and civil society.  Support also came from the business sector (financial and non-financial), which however remained concerned about the significant difficulties faced when identifying PEPs.  These respondents therefore expressed a wish to see a clearer and narrower definition, a broader application of the RBA and the provision of a centralised, up-to-date and reliable PEPs lists.

Conclusion

In view of the heavy cost implications that the approach under option 3 would entail, and given that the approach in option 2 would still be consistent with international standards by addressing the highest risk (foreign) PEPs while allowing a graduated approach for other types of PEPs, the Commission has a clear preference for option 2.

6. Availability of beneficial ownership information: Enhance the public availability of information on the beneficial owner / enhance the transparency of legal persons and legal arrangements

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Requirement on companies to hold information on BO and to make this information available to competent authorities and obliged entities || + Enhanced transparency + In line with Operational Objective 1 || + Limited additional cost and easy to set up for companies, + Relieves the current burden on obliged entities || + In line with Commission's EU Internal Security Strategy + In line with international standards

- Less public transparency than option 3 || - Cost on companies, especially for those with a complex structure ||  

3. Require public availability of information on shareholders, BO and nominees through a public register || + Enhanced transparency + Meets demand for transparency from civil society and European Parliament || + Relieves the current burden on obliged entities || + In line with international standards

- Challenge to maintain up-to-date information || - Shifts burden (costs) onto Member States || - may raise data protection concerns

The new FATF standards require countries to ensure that there is a set of basic information on the company  available in business registries and/or held by the company itself and made available to competent authorities. Access by covered institutions to this information should be facilitated. Further transparency of nominee shares or directors is also required (disclosure of identity or licensing). Countries can choose between several mechanisms. For legal arrangements, the standards recognise the role of the trustee as holder of the beneficial owner information and introduce a requirement for trustees to disclose their status when they engage with reporting parties. The current Directive does not provide explicit provisions. Calls for more transparency also come from the 2010 Commission's Internal Security Strategy[110]and the European Parliament[111].

Three options are considered:

1. No change: this option would not be effective as it would not allow for greater transparency on beneficial owner and legal persons and arrangements. It would not be in line with new FATF standards.

2. Require Member States to require companies[112] to hold and up-date information on their beneficial owners and to make this information available to competent authorities and entities covered by the Directive. This option would allow greater transparency of information on the ultimate beneficial owner of companies. They are best placed to understand their own beneficial ownership, and making the information available to obliged entities would be a useful tool in the CDD process. Some cost would be involved in recording and maintaining this information, and making it available upon request. Finally, this option would be in line with international standards and Commission's EU Internal security strategy.

3. Require Member States to set up public registries on shareholders as well as on beneficial owners, in addition to the same information held by companies. This option would be the most effective as regards the level of transparency and would meet the demands from civil society and European Parliament to promote greater public access to beneficial ownership information. As with option 2, it would relieve the burden on obliged entities and would be in line with international standards and the Commission's strategy. But an agreement of Member States could be difficult to obtain given the new burdens it would place on them, and general availability of such information may raise data protection concerns. At least public availability of shareholder information should be provided, which is already a reality in most Member States.

Stakeholders' views

There was strong support among stakeholders to include in the Directive measures to promote the transparency of legal ownership. Views differed, however, as to the means to achieve it. A majority of those who expressed an opinion stressed the need for an official, timely up-to-date and reliable source of information, possibly through national registries. Others suggested that a centralised database should be created at EU level and access made available to obliged entities. Some respondents argued that beneficial owners should be declared when registering a legal entity, and given advanced warning about the possible data protection implications.

Conclusion

In view of the fact that option 2 already goes beyond the international standards, it should be relatively straightforward to achieve, keep compliance costs for companies relatively low but at the same time represent a significant benefit for obliged entities, the Commission has a clear preference for option 2.

  7. Electronic fund transfers: Enhance  detection of misuse by terrorists and criminals of electronic fund transfers

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. Maintain current approach || 0 || 0 || 0

0 || 0 || 0

2. Make changes to the FTR to introduce  requirement to include information on the beneficiary and limit exemptions from scope || + Improves detection by enhancing traceability of electronic fund transfers + In line with Operational Objectives 1 and 2 || || + In line with EU Strategy on Terrorist Financing

- Electronic fund transfers below €1,000 are not subject to identity verification || - Limited additional costs for business due to adaptation of payment systems ||

3. Require beneficiary and payer information to accompany the payment and require identity verification as of €0 || + Improves detection by enhancing traceability of electronic fund transfers || || + Exceeds international standards

- May drive certain transactions to unregulated PSPs - Not  in line with Operational Objective 2 (flexibility) || - Additional costs for non-account based payment service providers ||

The new FATF standards seek to enhance the transparency and traceability of electronic fund transfers by requiring the inclusion of information about the beneficiary in wire transfers, as well as an explicit obligation to take freezing action with respect to UN Resolutions and to prohibit conducting transactions with designated persons and entities. There are specific obligations on money or value transfer service providers (MVTS), in particular a requirement to file an STR in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Financial Intelligence Unit.

Three options are considered:

1. No change: this option would not be effective as it would be inconsistent with the new FATF standards, and it would leave gaps with respect to traceability of electronic fund transfers. Since this is an area governed by an EU regulation, no facility to correct this deficiency at national level would be possible, and EU Member States' legislation would be rated non-compliant with the international standard, with corresponding reputational damage to the EU's financial system and its institutions.

2. Make changes to the Fund Transfers Regulation (FTR) to introduce a requirement to include information on the beneficiary and other key changes resulting from the revised international standard: this option would not entail significant adjustment costs, as most fund transfers already contain information on the beneficiary and so would not be affected. Ensuring that beneficiary information is included in all electronic fund transfers would provide an effective tool for law enforcement and ensure full traceability of all transfers, although transfers below €1,000 do not require identity verification.

3. Require beneficiary and payer information to accompany the payment and require identity verification as of €0 as opposed to the existing threshold of €1,000: this option would be the most effective way of ensuring full traceability of electronic fund transfers. However customer verification would entail significant additional costs for lower value transfers, increasing the costs for the end users and potentially driving parts of the payments business to more risky unregulated payment channels. This option would exceed the international requirements.

Stakeholders' views

The few comments received on this topic showed a divergence of views according to the different categories of respondents.  Whereas some public authorities considered it appropriate to reduce the current thresholds in respect of electronic fund transfers (from the current € 1,000 threshold), business sector respondents (mainly financial services) considered the current amount appropriate and argued that lowering this threshold would have limited effects and disproportionate costs for the financial institutions. 

Conclusion

In view of the fact that option 2 achieves the objectives of consistency with international standards without significant burdens for obliged entities, and that option 3 would introduce a substantial new compliance burden (albeit representing an enhancement to the possibility to trace transactions), the Commission has a clear preference for option 2.

II. Policy Options relating to Operational Objective 2 (Ensure consistency between national rules and where appropriate flexibility in their implementation by strengthening and clarifying current requirements).

7. Improve comparability of statistical data

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. Maintain current approach || 0 || 0 || 0

0 || 0 || 0

2. Provide further guidance on how reporting by MS should be carried out || + Might help improve the ability to measure  effectiveness of the EU framework  + In line with Operational Objective 1 and 2 || ||

- Comparability across MS will remain difficult || - Limited additional costs for MS ||

3. Reinforce the requirement under Art. 33 of the 3AMLD with respect to statistical data || + Improves the ability to measure  effectiveness of the EU framework by imposing on MS more explicit requirements on comparability and sharing of information + In line with Operational Objective 1 and 2 || || + Coherent with the Hague programme mandate

- Comparability across MS will remain difficult unless underlying approaches (e.g. the notion of an STR) are also harmonised || - Limited additional costs for MS ||

Article 33 of the Third AMLD imposes an obligation on Member States to maintain and publish comprehensive statistics, so that they are in a position to review the effectiveness of their AML/CFT systems. However significant definitional and systemic differences (e.g. different notions of what constitutes a "report", different processing of reports, and different approaches towards prosecution of cases) considerably undermine comparability across countries and complicate assessment of the extent to which AML/CFT systems are effective.

Three options are considered:

1. No change: this option would entail no additional cost. However it would not achieve the objective of comparability across the EU and would mean that an overall assessment of the EU framework would remain very difficult. Moreover, given that certain parts of the EU framework may be subject to supranational assessment by the FATF in the future, there is a risk that the EU statistical framework to measure effectiveness would fall short of the international standards. The current degree of flexibility that the AMLD allows has affected the comparability of statistical data, due to legal, operational and statistical reasons.

2. Provide further guidance on how reporting by Member States should be carried out with a view to achieving more coherence between data sets. This option would not entail changes to the Directive, as Article 33 already contains minimum requirements on statistical reporting. Further Guidance issued by the Commission, building on the first statistical exercise (see "Money Laundering in Europe”[113]) could serve to improve the consistency of reporting of effectiveness indicators across the EU, and facilitate an evaluation of the effectiveness of the EU AML/CFT framework as a whole. However the underlying differences with respect to AML approaches (e.g. the form of the reports differs significantly, the different definitions as to what constitutes a predicate offence, different procedures on handling information, etc.) would remain and continue to complicate cross-border comparability. However as the existing minimum requirements (especially in Article 33.1) imposed on Member States are not sufficiently detailed, this has led to difficulties to obtain comparable data across Member States. Such problems may not be addressed solely through the issuance of additional guidance.

3. Reinforce the requirement under Article 33 with respect to statistical data in order to ensure more comprehensive and comparable statistics in compliance with the Action Plan "Measuring Crime in the EU: Statistics Action Plan 2011- 2015". This option would consist in operationalizing Article 33 (1), by notably linking it with the necessary national risk assessment. Article 33(2) could be amended in order to make more explicit the data requirements . Further guidance of important effectiveness indicators across the EU in similar ways to those described under option 2 could be provided. This approach might enhance comparability of important effectiveness indicators across the EU in similar ways to those described under option 2. However, as also described under option 2, comparability across Member States would still remain impaired as a result of underlying differences with respect to AML approaches.

Stakeholders' views

Many respondents to the Commission's consultation supported greater harmonisation of the reporting regime across the EU, in order to improve effectiveness.

Conclusion

In view of the fact that Member States have inconsistently implemented the requirements in Article 33, further clarification of the requirements appears necessary in the Directive. For this reason, the Commission has a clear preference for option 3.

8. Identification of the "beneficial owner", including clarification of 25% ownership threshold

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Retain 25% threshold but clarify requirements for holding companies. Leave open for guidance by ESAs. || + Meets objective of clarification + ESAs best placed to provide further clarification || + Threshold gives a framework for obliged entities + In line with company law concept of ownership + Flexibility for guidance by ESAs || + Coherent with Internal Market

 - Converged national approaches in line with Operational Objective 2 || - Concentration on threshold may not always find the ultimate beneficial owner. ||  

3. Remove threshold and replace with requirement to always find natural person who owns/controls company || + Targets the potential risk (i.e. person who controls company) + Exceeds Operational Objective 1 + Requirement goes some way to meeting Operational Objective 3. || + More focussed towards the actual risk ||

|| ||

- Could lack clarity unless detailed guidance is prepared - possible conflict with Operational Objective 2. || - Costly for industry || - Greater risk of diverging implementation across MS

Existing EU legislation defines beneficial owner as "the natural person(s) who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted".  When beneficial ownership can be ascertained through share ownership, a 25% plus 1 share threshold is given as evidence of direct or indirect ownership.  However, a report by the AMLC has identified issues in relation to how the 25% threshold is interpreted in Member States.

Three options are considered:

1. No change would mean that obliged entities would not need to adjust their systems.  However, the inconsistency of interpretation across Member States has already led to a lack of convergence, and thus this is not the preferred option.

2. Maintain the approach which requires identification of the BO as of a 25% ownership threshold, but clarify what the "25% threshold" refers to, particularly in relation to holding companies and foundations. This option would address the issue of inconsistency and lead to greater convergence.  The precise nature of the requirement could be left for clarification in guidance by the ESAs where related issues such as the clarification of the relationship between "ownership" and "control", "multi-layer corporate vehicle structures", and "close associate" could also be tackled.  There should, however, be a clear understanding that the 25% threshold is a minimum standard, and not a replacement for the requirement to find the ultimate beneficial owner where doubts exist that shareholding alone is sufficient. For example, reporting entities could be required, when confronted with suspicious circumstances, to undertake further inquiry to identify and record information on other parties who appear relevant (the "close associate" i.e. the typical frontman) to find out whether other natural persons beyond the formal legally declared owners really are in control.

3. Remove the existing 25% threshold and replace it with a stricter requirement to always find the natural person who owns/controls the company. This option would require obliged entities to focus more on the actual risk posed by persons who control companies.  However, it would lead to greater expense for obliged entities and a lack of guidance as to what was expected could lead to a lack of convergence across Member States, who might interpret the person who "controls" a company differently.

Stakeholders' views

A substantial majority of stakeholders commenting on this issue shared the view that the 25% threshold appears appropriate and should be maintained.  The support was even stronger as regards the usefulness of improving legal certainty across the EU about who the beneficial owner is, while maintaining a risk-based approach to identifying, and verifying the identity of beneficial owners.

Conclusion

In view of the fact that option 2 would be the best way to ensure greater convergence between Member State approaches, and given that the ESAs are best placed to carry forward work in this area, the Commission has a clear preference for option 2.

9. Clarify responsibilities for AML supervision between the home and host supervisors

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Clarify in the Directive || + Establishes a clear legal footing for supervisors + Increased clarity for business + More efficient detection of ML/TF by FIUs + Fulfils Operational Objectives 2 and 3 || + Clarity and coherence across Member States facilitates the business environment || + Coherent with International Standards

- Reduced flexibility for MS || - Introducing a requirement to report suspicions where they arise risks adding burdens for cross-border market operators || - Potential Conflicts with Internal Market would need to be addressed

Article 37 of the Third AMLD obliges Member States to require competent authorities to monitor and take measures to ensure compliance with the requirements of the Directive by obliged persons and institutions.

Public stakeholders, especially supervisory authorities, have expressed concerns about the lack of legal certainty in the current legislative texts about their ability to ensure correct compliance with host state AML/CFT obligations in the case of payment service and E-Money providers, operating on the basis of a single EU passport via branches or agencies. Such uncertainties have the potential to create gaps in compliance and might undermine the effectiveness of the framework.

Two options are considered:

1. No change:  the Commission has already published a staff working document which clarifies the articulation between the Payment Services Directive and the Third AMLD. However stakeholders – especially public authorities – have complained that the staff working document does not provide sufficient legal certainty, as it is not legally binding. It would therefore fall short of providing both supervisors and obliged entities with legal certainty, and may not resolve persisting uncertainties which complicate cross-border business on the basis of a single passport

2. Clarify in the Directive: this option would build on the existing clarifications contained in the Commission's staff working document, and establish rules on a firm legal footing, thus providing certainty for supervisors and obliged entities about how AML compliance may be achieved so that host state rules are respected, while ensuring no undue hindrance to the cross border provision of services by licenced entities. The introduction of a requirement to file STRs to the FIU in whose territory the institution or person forwarding the information is situated will lead to improved detectability of ML/TF by FIUs, and should not impose additional burdens for cross-border businesses.

Stakeholders' views

All stakeholders responding on this issue were in favour of clarifying the regulatory powers which home and host AML/CFT supervisors have in cross-border situations.  In particular, many respondents highlighted the need to consider such powers with regard to payment and e-money institutions, their agents and, where applicable, their distributors.  Support for recognising the host country's power to directly supervise and, where need be, prosecute breaches of AML/CFT provisions occurring on its territory (including cases of non-compliance with CDD procedures and insufficient ST/SA reporting) came from several public authorities.  The business segment, although in favour of clarifying supervisor authorities' powers in cross-border situations, was of the view that duplicating regulatory obligations by requiring compliance to local AML provisions creates additional costs.  These respondents therefore envisaged greater co-operation, information sharing and possible delegation of powers between home and host AML/CFT supervisors.

Conclusion

In view of the fact that there is a need to respond to stakeholders' concerns for greater legal certainty in ways which would both clarify responsibilities of AML supervisors as well as the requirements on cross-border businesses, the Commission has a clear preference for option 2.

10. Strengthen and converge administrative measures and sanctions for obliged entities not complying with the requirements of the Directive

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Introduce a set of common principles-based rules to strengthen administrative sanctions || + Improved compliance by obliged entities + Enhanced comparability between MS + In line with the General Objectives || + A more level playing field + Coherence across Member States facilitates the business environment || + In line with Commission's policy on strengthened financial services sanctions  

- Less flexibility for MS || - Adjustment costs ||

3. Introduce common rules on sanctions, setting the minimum level of sanction according to different offences and for each category of administrative fine. || || + A  fully level playing field + Coherence across Member States facilitates the business environment || + In line with Commission's policy on strengthened financial services sanctions  

- No flexibility for MS - Not fully in line with Operational Objective 2 || - Challenging to agree as legal systems and traditions vary considerably ||

The Commission's Communication "Reinforcing sanctioning regimes in the financial sector" of 8 December 2010 sets out core principles that should apply to sanctions on financial institutions. The objective is to reinforce the efficiency and convergence of the sanctioning regimes, in order to strengthen the Single Market. Strengthening sanctioning regimes was also one of the elements of the financial sector reform at international level. According to the Commission's policy, standard provisions are to be incorporated into all Directives related to Financial Services. Elements include: the requirement to have a set of core administrative sanctions for key infringements; publication of sanctions as a rule; a sufficiently high level of administrative fines (not less than obtained benefits); harmonisation of criteria to determine the sanction; ensuring that authorities have the necessary powers when dealing with cross- border cases. Certain of these standard clauses might not be adequate for AML/CFT purposes, and the policy will need to be tailored to the specific needs of the sector.

Three options on how to strengthen and converge national rules are considered:

1. No change: this option would entail no additional cost. However it would not contribute to a reinforcing of AML/CFT compliance by obliged entities and would not be in line with the Commission's Communication "Reinforcing sanctioning regimes in the financial services sector". The playing field among obliged entities from different Member States would remain unlevel.

2. Introduce a set of common principles-based rules to strengthen administrative sanctions, along the lines of the Commission's policy as outlined in its Communication 'Reinforcing sanctioning regimes in the financial services sector: this option would enhance effectiveness of the AML/CFT regime by improving compliance by obliged entities and allowing for a more consistent approach across Member thereby ensuring a greater level playing field for EU companies and facilitating the business environment. Some adjustment costs would be incurred, and a degree of flexibility for Member States would be curtailed.

3. Introduce a detailed set of prescriptive rules, (e.g. setting the minimum level of sanctions according to different offences and for each category of administrative fine): this option would fulfil the same objectives as option 2. However, it would reduce flexibility for Member States (not fully in line with Operational Objective 2). As legal systems and traditions vary considerably within the EU, it could be prove difficult in practice to agree on a fully harmonized sanctioning regime.

Stakeholders' views

Around one quarter of respondents expressed a view on this issue.  A majority were in favour of greater harmonisation of the sanctioning regime across Member States.  Support came in particular from the business sector, on the grounds that there was a need to ensure a common/uniform application of the administrative sanctions regime, in order to avoid that one national system might be more favourable than another.  It was also argued that providing more powers and sanctions for AML/CFT purposes would send the right message that was currently lacking.  Public authorities were also supportive, stressing that harmonisation would be an efficient tool for the prevention of regulatory arbitrage.  However, it was also argued that while it would be useful for all Member States to have a legal basis to apply countermeasures when they considered it appropriate to do so, rigid prescription of such countermeasures at EU level would greatly undermine the risk-based approach and would be against the principle of subsidiarity.

Conclusion

In view of the need to strengthen sanctions with a view to more effective enforcement of the rules, but given that systems in place in the Member States function very differently, a flexible not overly-prescriptive approach appears the most appropriate. For these reasons the Commission has a clear preference for option 2.

III. Policy Options relating to Operational Objective 3 (Ensure that the rules are risk-focussed and adjusted to address new emerging threats, by strengthening and clarifying current requirements).

11. Broaden the scope to cover the gambling sector and address new threats

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. Maintain current approach || 0 || 0 || 0

0 || 0 || 0

2. Change scope to cover the gambling sector based on a broad definition – exemptions only if there is a very low risk of ML/TF || + Enhances effectiveness of the fight against ML/TF + Levels the playing field with non-obliged gambling sector + Exceeds Operational Objective 1 + In line with Operational Objectives 2 and 3 || + Simpler to apply + Risk based approach allows exemptions in cases of very low ML/TF risks || + Consistent with the Internal Market

|| - Additional costs to sectors not currently covered by the framework -Additional costs to supervise ||

3. Change the scope to cover gambling activities where there is a proven higher risk || + Enhances effectiveness of the fight against ML/TF + Levels the playing field with non-obliged gambling sector + Exceeds Operational Objective 1 || + No costs for gambling activities which are not identified as higher risk ||

- Less flexible to emergence of new risks -  Not fully in line with Operational Objectives 2 and 3 || - More complex to apply due to need for identification of higher risk activities - Additional costs to sectors not currently covered by the framework - Additional costs to supervise || - Requires a supranational assessment of risk

The Third AMLD includes "casinos" within its scope but without providing any definition. Activities "performed" on the Internet (recital 14) are also covered. There are concerns that the absence of a clear definition leads to different approaches at national level, and leaves important areas of the gambling business which may be particularly vulnerable to AML/CFT outside the scope of the preventative framework.

Three options are considered:

1. No change: this option would entail no additional costs for the as yet uncovered gambling sector, however the ML/TF vulnerabilities would remain, as would the costs of cross-border compliance resulting from different national regulatory approaches. The playing field for AML regulated vs. non AML regulated gambling activities would remain unlevel.

2. Broaden the scope of the Directive beyond "casinos" to cover the gambling sector, based on a broad definition of gambling. The scope for exemptions from coverage would be limited only to circumstances where there is a very low risk of ML/TF: this option would entail costs for those higher risk gambling businesses not currently caught by the existing AML/CFT framework (e.g. sports betting, betting shops, lotteries, etc.). Introducing AML/CFT systems entails high compliance costs – especially in terms of the initial investment needed. It is much harder, on the other hand, to estimate the potential benefits of closing down an important avenue of money laundering to organised crime.

3. Broaden the scope of the Directive beyond "casinos", but include only those gambling activities where there is a proven higher risk: this option would be impose no costs on certain gambling businesses which remained outside the scope of the Directive. However identifying which types of activity are not higher risk may in practice be difficult, and the approach may not be flexible enough to respond to market changes which result in the emergence of new, unforeseen risks.

Stakeholders' views

Almost one third of respondents expressed views on this topic.  There was strong support to include gambling, and to ensure that it covered both land-based and on-line gambling activities (including e.g. sports betting, horse racing and lottery games).  Most of those respondents stressed the need for a risk-based approach (which in their view would therefore exclude e.g. arcades, kiosks and gas stations from the scope of the Directive). Most respondents from the gambling sector also pointed that such an extension would imply provisions on CDD and supervision would need to be adapted in light of the specificities of on-line and land-based gaming activities other than traditional casinos.

Conclusion

In view of the need to address threats of money laundering in the gambling sector more broadly than the current limitation to casinos, and in view of the fact that applying a broad definition of the scope of gambling would be more straightforward than attempting to determine at EU level which specific areas of gambling might be considered higher risk (such an assessment might vary across jurisdictions) the Commission has a clear preference for option 2.

12. Clarify application of data protection rules in the context of AML/CFT

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Require MS to clarify interaction between AML/CFT and DP rules at national level || + Reduced uncertainties for entities; better compliance with AML and data protection requirements + Enhanced level of respect of data protection rules + In line with Operational Objectives 1 and 3 || + Member State authorities would retain flexibility ||

- Incoherence across Member States || || - Not in line with Internal Market

3. Introduce new rules in the AML Directive to clarify interaction, in particular as regards data retention and data sharing within the groups || + Enhanced coherence across Member States; + Reduced uncertainties for entities;  better compliance with AML and data protection requirements + AML group-wide compliance facilitated + In line with all  Operational Objectives || + Cost savings  for groups || + In line with Internal Market + In line with International Standards + In line with Commission's Data protection proposals

- Data sharing with third countries whose DP regimes have not been recognised likely to remain problematic || - Possibly difficult to agree on a wording which reflects an appropriate balance between AML and DP objectives ||

Private stakeholders point to a number of practical difficulties as regards their ability to comply with AML requirements while at the same time adhering to rules aimed at ensuring a high level of protection of personal data. These difficulties include sharing of information within the group or between FIUs, screening on the basis of non-EU sanctions lists, consent of the data subject, record keeping, and legal uncertainties with regard to processing of AML/CFT related data within entities. The recently proposed EU Regulation and Directive on data protection[114] are aimed at strengthening and clarifying data protection rules and might need to be clarified in the revised AML/CFT legal framework. In its Opinion 14/2011[115], the Article 29 data protection working party called for more detailed consideration of data protection issues in the AML legislation, in particular as regards retention of personal data.  One particular issue is the requirement, reinforced by the new FATF standard, to implement at a group level AML/CFT programmes, including policies and procedures for sharing information within the group. Within the EU, institutions experience in practice some restrictions from local data protection authorities to the sharing of data (e.g. restrictions to information sharing on STRs, to information flows to the auditors of the Head Office). Data sharing with third countries whose data protection regimes are not considered adequate may raise other difficulties.

1. No change: this option would entail no additional costs. However obliged entities would continue to experience difficulties in their AML compliance all the more so as reinforced rights stemming from the new EU data protection proposals (e.g. a reinforced right to be forgotten, information about data security breaches) could lead to new legal uncertainties. Inconsistency across Member States would continue to exist, leading to uneven level playing field. As regards data sharing within the groups, institutions will continue to experience legal uncertainties and practical difficulties.

2. Require Member States to clarify interaction between AML/CFT and data protection rules at national level (e.g. by issuing guidance, setting up a dialogue between data protection and AML/CFT authorities, or introducing specific rules into national AML laws):  this option would help reduce legal uncertainties to which businesses are confronted in their day-to-day operations and therefore enhance their compliance with AML rules while at the same time ensuring compliance with a high level of data protection. However, incoherence across Member States would continue to exist as a result of differing national interpretations, implying costs for cross-border businesses and complications for groups operating cross-border group compliance of AML/CFT programmes. As regards the particular issue of data sharing within the group, this option would not bring a satisfactory solution. Indeed, if clarification is offered only at national level, entities of the groups established in different Member States might still not be able to share data due to inconsistencies in national legislations/practices of national data protection authorities.

3. Introduce new rules in the AML Directive to clarify the interaction between AML/CFT and data protection rules: this option would help reduce legal uncertainties to which businesses are confronted in their day-to-day operations and notably facilitate cross-border group compliance of AML/CFT programmes, which would be in line with the new international standards. New provisions might clarify how long data can be held by obliged entities, the circumstances under which data can be transferred to third countries, and ensure that data collected for AML/CFT purposes cannot be processed for commercial purposes.

Stakeholders' views

Many stakeholders complained that national data protection rules impacted effective intra-group transfer of information – this was one of the most important factors generating administrative burdens and reducing the effectiveness of AML procedures.  The business sector also warned about three further issues:

· under the current data protection regime, there are serious restrictions on disclosure and transfer of personal data to third country public authorities;

· there are difficulties with respect to data retention periods;

· under the proposal for a data protection Regulation, it is not clear how the empowerment to introduce restrictions of data protection principles will be interpreted. 

There was unanimous recognition of the need to address these issues by ensuring effectiveness in monitoring and reporting in ways which would not breach data protection principles.  Diverging opinions were however expressed on the right way forward.  Support for the idea of introducing more detailed data protection provisions for AML/CFT purposes was particularly strong from business.

Conclusion

In view of the need to ensure a high level of data protection whilst at the same time ensuring proper compliance with AML rules, it appears appropriate to ensure an adequate legal basis for data processing in specific AML legislation. This would be best achieved within an EU Directive, as opposed to in national legislation, as this would be the best way of ensuring coherence across Member States and facilitating personal data sharing for AML purposes across groups (particularly across borders). For these reasons, the Commission has a clear preference for option 3.

13. Threshold for traders in high value goods: Strengthen the preventive measures

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

1. No change || 0 || 0 || 0

0 || 0 || 0

2. Reduce the threshold (scope and requirement to conduct CDD to €7,500) || + Addresses risk of use of cash + Exceeds Operational Objective 1 + In line with Operational Objectives 2 and 3 || + Targets the black economy || + Brings threshold more in line with common practice in MS + Compliments policies aimed at the free movement of persons + Shows EU response to address actual ML concerns

|| - May bring more obliged entities into scope, or push them towards accepting other payment means, with potential cost implications ||

3. Reduce the threshold (scope and requirement to conduct CDD) to zero || + Firm controls on the use of cash + Exceeds Operational Objective 1 + In line with Operational Objectives 2 and 3 || + Targets the black economy || + Single threshold would promote certainty + Compliments policies aimed at the free movement of persons

|| ||

- Risks driving the use of cash underground - Financial inclusion impacts || - May bring more obliged entities into scope, or push them to accepting other payment means, with potential cost  implications - Challenging to monitor compliance || - Singles out this sector for more stringent rules

The existing Directive covers natural or legal persons trading in goods but only if they accept cash payments of €15,000 or more.  CDD is required for occasional transactions above this amount.  Evidence suggests that some Member States are applying lower thresholds, which has resulted in driving the use of traders for the purposes of laundering the proceeds of robberies to other Member States.

Three options are considered:

1. No change: this option would mean no change in the numbers of traders brought into scope and no change to the threshold for CDD.  Although this would be the least costly option, it would fail to address risks identified by a Member State.

2. Reducing the scope and CDD thresholds to €7,500[116]: this option would bring more traders into the scope of the Directive, and mean that they would need to apply CDD measures for cash transactions of €7,500 and above.  This lower threshold would potentially bring a larger number of traders into the scope of the Directive, and may mean that CDD would be carried out for more transactions, or alternatively that the number of cash transactions actually executed above €7,500 would be considerably reduced as traders insisted on other means of payment.  This option would address concerns about the use of cash in the black economy as well as that the higher threshold has resulted in the proceeds of robberies from one Member State (which has lowered the threshold) being laundered in other Member States with higher thresholds.  This would reduce the attractiveness of using the sector in the EU to launder criminal proceeds.

3. Reducing the scope and CDD thresholds to zero for specified obliged entities (e.g. dealers in precious metals and stones, second hand car dealers, auction houses): while it would be effective in limiting the use of cash, the inconvenience and potential costs may be disproportionate as compared with the perceived benefit.  Effectively requiring AML controls for all transactions (especially CDD) could drive the use of cash into the unregulated sector and could have impacts on financial inclusion. It would also prove challenging and resource intensive for competent authorities to ensure compliance.

Stakeholders' views

The opinions expressed on this issue diverged according to the different categories of respondents.  Whereas several public authorities considered it appropriate to reduce the current thresholds in respect of occasional transactions (suggestion was made, for example, to substitute the current € 15,000 threshold to a minimum € 1.000 threshold, or even to a € 1 threshold in case of payment in cash, or via a prepaid card), the majority of respondents from the business segment (mainly financial services), although generally in favour of ensuring greater harmonisation across the MS, did not see a real need for lowering this amount and warned about the cost implications.  Respondents belonging to certain professions (accountants, lawyers) also stressed the importance of clarifying the scope of the provision, and particularly the meaning of 'several operations which appear to be linked'. 

Conclusion

There is a need to address vulnerabilities caused by different national approaches to ensuring that traders in high value goods apply CDD in appropriate circumstances. Reducing the threshold to conduct CDD to zero for certain specified traders may result in disproportionate costs. For that reason, the Commission has a preference for option 2, which is more proportionate to the Operational Objectives and would reduce the attractiveness of using the high value goods sector to launder the proceeds of robberies, while bringing greater convergence of approaches across Member States. 

14. Strengthen the capacity of FIUs to cooperate across borders

Policy options || Comparison criteria

Effectiveness || Efficiency || Coherence

Maintain current approach || 0 || 0 || 0

0 || 0 || 0

Strengthen FIU powers and cooperation by introducing new provisions in the Directive || + Enhanced effectiveness of the fight against ML/TF + in line with Operational Objectives 1 and 2 + in line with Specific Objective 2 || + Enhanced legal clarity || + Complements the EU's Internal Security Strategy

|| - Some difficulties to exchange information may remain ||

Establish a single European FIU || + Enhanced effectiveness of the fight against ML/TF + in line with Operational Objectives || + potential advantages in terms of economies of scale and efficiencies || + Complements the EU's Internal Security Strategy

- Requires substantial modifications to Member States' laws permitting cross-border cooperation and information sharing || - Potential additional costs at EU level || - Risk to delay agreement on the full package due to Member State concerns about sovereignty

Article 38 of the Third AMLD establishes a role for the Commission to facilitate coordination between FIUs, but does not otherwise deal with FIU cooperation.

The current framework for FIU Cooperation is based around a Council Decision dating back to 2000. However FIUs have complained that the current arrangements contain a number of shortcomings: cooperation on terrorist financing is not foreseen in the Decision and the recent past international events have brought to light difficulties for FIUs to cooperate on the basis of lists of designated persons, or to take action before an STR has been filed. Member States have different interpretations about the legal basis granted by the Decision to undertake specific types of cooperation, such as the automatic exchange of information when links are found with another Member State. Some of the problems in exchanging information stem from the different powers that FIUs have at national level, including the possibility to access information, and this has consequences for the effectiveness of cooperation.

Three options to strengthen cooperation are considered:

1. No change: this option would entail no additional costs. However deficiencies in cross-border cooperation would remain, and may constitute a factor of vulnerability in the AML/CFT framework.

2. Strengthen FIU powers and cooperation by introducing new provisions in the Directive: the FIU Platform has submitted a set of proposals aimed at enhancing cooperation, including providing an explicit legal basis for the matching of anonymous data between the EU FIUs or clarifying data protection rules to explicitly allowing certain types of information exchange: this option would not be especially costly to implement, and would serve to remedy the most significant problems encountered by FIUs. However it would be unlikely to overcome all the cooperation issues faced by FIUs.

3. Establish a single European FIU to receive and analyse and disseminate to the competent authorities disclosures of information from obliged entities operating within the EU: this option would require additional funds to be made available at EU level, and may raise concerns among Member States about sovereignty, and require quite far-reaching changes to Member States' rules and existing arrangements. However it would be more suited to an integrated EU financial market, and would also be arguably the most efficient and effective way to combat money laundering and terrorist financing across the EU, by allowing a more complete overview of the situation across the Internal Market. It would overcome the current cooperation difficulties which exist between national FIUs.

Stakeholders' views

Only a small number of respondents expressed a clear view on this issue. Of those that did, there was general support for the idea that effective co-operation and information sharing between FIUs across the EU was important and should be treated as a priority.  Several respondents strongly supported inclusion into the Directive of the proposals discussed at the FIU platform.  This support was however in some cases associated to the view that the Directive should not go beyond the international standards regarding international co-operation by calling for harmonisation, and that further experience of the impact of some new elements should be gained before going further in the harmonisation of powers at EU level.

Conclusion

The establishment of a single FIU would certainly be an efficient and cost effective means to ensure reception, analysis and dissemination of money laundering and terrorist financing reports in the Internal Market. However as it would require substantial modifications to Member States' legal frameworks and existing structures, and raise concerns about Member States' sovereignty, the Commission has a clear preference for option 2, which should nevertheless meet the operational objectives and result in increased effectiveness in the fight against ML/TF.

ANNEX IV: Costs of Compliance with the Third AMLD by Cross-Border Banking Groups at Group Level (Extract from the Commission Staff Working Document Sec(2009) 939 Final)

The cost of compliance with AML requirements is not insignificant and has increased in recent years following the regulatory changes introduced in the EU, notably the AML Directive[117].

A recent external study has examined for the Commission the cost impact of compliance for certain types of firms within the financial industry (including banks) with six key EU directives in the financial services area, including the AML Directive[118]. The study focuses on the so-called ‘incremental compliance costs’ caused by regulation, not on the total costs of activities that happens to contribute to regulatory compliance[119].

The study separately identifies cost impacts that are of a one-off nature (i.e. those costs that only have to be incurred once in making the transition, such as IT investment and the re-shaping of business processes) from those that are recurring in nature (i.e. on-going costs as a result of regulation). The ongoing costs of compliance for any given firm are typically lower than the one-off costs. Looking at the different sectors surveyed, recurring costs are mostly between 15 and 20 per cent of the implementation cost recorded (with some exceptions)[120]. Figure IV.1 illustrates this divergence in scale, by showing the dispersion of the results obtained for the AML Directive.

This study shows that firms have adopted different strategies in approaching the implementation of the Directive, both regarding one-off (in particular, in their willingness to put maximum reliance upon the automation of processes) and ongoing costs. The dispersion of the ongoing costs — and general business experience — suggest that firms have experienced mixed results in terms of their success in achieving this objective. Indeed the study shows a wide dispersion of results.

Figure IV.1: Dispersion of one-off and ongoing costs of the AML Directive (expressed as a percentage of 2007 operating expenses)

Source: Europe Economics (2009), figure 3.

TABLE IV.1 – AML Directive – One-off costs of compliance[121]

|| Banks & financial conglomerates || Investment banks || Asset managers || Financial markets

Mean[122] (percentage of 2007 operating expenses) || 0.29% || 0.23% || 0.21% || 0.16%

Median[123] (percentage of 2007 operating expenses) || 0.31% || 0.32% || 0.24% || 0.03%

Total financial services regulatory compliance costs[124] (percentage of 2007 operating expenses) || 2.90% || 2.25% || 1.58% || 3.40%

|| || || ||

Mean: average absolute value of the incremental cost changes, per firm (€000s) || 4,588 || 2,507 || 825 || 33

Total financial services regulatory compliance costs (€000s) || 45,149 || 24,569 || 5,565 || 694

Average of operating costs (€000s) || 1,558,072 || 1,030,071 || 384,582 || 20,403

 

A) The one-off costs of compliance

With respect to one-off costs of compliance (see Table IV.1) for banks, financial conglomerates and investment banks, compliance with the AML Directive roughly accounts for 10% of all their financial services regulatory costs. 

The difference in costs between banks and financial conglomerates on the one hand, and investment banks, on the other, may be due to the typically different client make-up[125]. The study also notes that in the AML field, firms voluntarily practice standards that are applied globally, which adds to the costs resulting from the Third AMLD[126]. If a comparison is made with the costs of compliance for asset managers, Table IV.1 shows that the one-off costs of compliance with the Third AMLD assume a higher proportion of asset managers’ total costs[127].

Out of the six Directives examined in the study, the Third AMLD ranks third in terms of cost impact for banks, financial conglomerates and investment banks, behind the Capital Requirements Directive and MiFID. These two other Directives represented the most important regulatory changes in this area in recent times and their compliance costs are significantly higher[128]. The study identifies the possibility for firms to achieve synergies between some of the requirements in the AML Directive and MiFID: a small number of institutions surveyed felt that synergies had been achieved (or could be achieved) between the “know-your-customer” requirements of the AML Directive and suitability tests of MiFID[129]. Nevertheless, very few businesses believed that any significant cost-reducing synergies had been achieved in the implementation of the various measures: the variation in the implementation dates was the most frequently cited factor behind this. Another component to this problem was that firms felt that the detail necessary to properly prepare for IT changes was not always forthcoming from the implementing authorities in a sufficiently timely manner.

The main source of Third AMLD-related compliance spending is on IT (see Table IV.2 for banks and financial conglomerates and Table IV.3 for investment banks).[130] Similarly high IT costs appear for almost all the Directives covered.

TABLE IV.2 – Cost drivers of the selected directives (banks and financial conglomerates) – one-off costs

Source: Europe Economics (2009), table 4.10.

TABLE IV.3 – Cost drivers of the selected directives (investment banks) – one-off costs

Source: Europe Economics (2009), table 4.27.

In terms of IT spending[131], this included projects designed to: (i) meet the “Know-Your-Customer” informational requirements, such as some adaptation of the existing Customer Relationship Management systems and/or some new data entry needed to meet these increased data capture requirements (in a few instances, this triggered data warehousing projects to enhance inter-system data capture); (ii) facilitate increased monitoring of suspicious transactions through increased automation of processes[132]; (iii) facilitate Politically Exposed Persons screening; and (iv) assist in risk assessment.

Training and (for larger banks) external consultants are also important sources of cost. According to the study, the importance of training in the AML field is driven by it being more generally applicable than for the other Directives: in other words, the breadth of coverage of the training believed to be necessary to comply with this measure was greater than for the others. There were also some costs associated with the re-design of training programmes and the roll-out of these[133].

These findings are fundamentally the same as those from a different (and qualitative) survey conducted in 2007. According to that survey, the drivers of higher expenditure in the 2004-2007 period appeared to be greater expenditure on transaction monitoring capabilities and upgrades to existing systems, and the provision of additional tailored training to staff (in that survey there was no distinction between one-off and on-going costs).[134]

The study notes that the implementation of the AML Directive remains a work-in-progress. Trans-national businesses have typically implemented their provisions on a group basis, either using the Directive itself as guidance or the implementation in their own Member State (if it had been implemented). Their expectation is, however, that additional expenditure will be necessary in the future to adapt to the requirements of the local transposition. Some participants argued that the uneven transposition situation represented a disincentive to early adoption[135].

B) The ongoing cost of compliance

Concerning the ongoing cost of compliance (see Table IV.4) for banks, financial conglomerates and investment banks, compliance with the Third AMLD roughly accounts for 13% of all their financial services regulatory costs[136]. In relative terms, this is a slightly higher figure than the one-off cost of compliance, possibly explained by the relatively lower on-going costs of compliance with the Capital Requirements Directive and MiFID. In any event, as for the one-off costs, these two other Directives take up the bulk of the compliance costs, with the AML Directive ranking third out of the six Directives examined by the study. If a comparison is made with the ongoing cost of compliance for asset managers, Table IV.4 shows that the ongoing cost of compliance with the AML Directive assumes a lower proportion of asset managers’ total costs, which is explained by the higher ongoing cost incurred by asset managers regarding MiFID and Prospectus Directive[137].

TABLE IV.4 – AML Directive – Ongoing cost of compliance

|| Banks & financial conglomerates || Investment banks || Asset managers || Financial markets

Mean[138] (percentage of 2007 operating expenses) || 0.08% || 0.05% || 0.07% || 0.13%

Median[139] (percentage of 2007 operating expenses) || 0.09% || 0.08% || 0.07% || 0.00%

Total financial services regulatory compliance costs[140] (percentage of 2007 operating expenses) || 0.59% || 0.38% || 0.85% || 1.70%

|| || || ||

Mean: average absolute value of the ongoing costs incurred, per firm (€000s) || 1,195 || 464 || 278 || 27

Total financial services regulatory compliance costs (€000s) || 8,540 || 3,807 || 2,532 || 347

Average of operating costs (€000s) || 1,558,072 || 1,030,071 || 384,582 || 20,403

Source: Europe Economics (2009), tables 5.1, 5.2 and 5.3.

The most important ongoing costs of compliance associated with the Third AMLD concern IT expenditure and additional staff costs (see Table IV.5 for banks and financial conglomerates and Table IV.6 for investment banks).[141] Most of the IT expenditure is linked to access costs to various databases dedicated to the tracking and screening of relevant parties such as Politically Exposed Persons, watch lists etc. Whilst some firms (generally larger banks) see automation as the only way to provide the necessary evidence of an audit trail to the regulatory authorities in the event of problems arising (as well as being cost effective by comparison to manual effort), a number of firms have retained significant (or total) human oversight in this area.

TABLE IV.5 – Cost drivers of the selected directives (banks and financial conglomerates) – ongoing cost

Source: Europe Economics (2009), table 5.10.

TABLE IV.6 – Cost drivers of the selected directives (investment banks) – ongoing cost

Source: Europe Economics (2009), table 5.27.

Ongoing training is not an insignificant cost factor. However, it the study points out that once e-learning or class-based training modules have been developed (see one-off costs), the ongoing requirements in cost terms is mitigated[142]. It is also noted that whereas large banks spent proportionately more than small banks on training as a one-off cost, the proportion of training within ongoing costs is lower. This would be consistent with larger banks being more reliant on e-learning and e-training.[143]

ANNEX V: Sector by Sector Analysis of Impacts V.1. The Banking Sector

General description of the Sector

The European Banking Sector is the largest in the world with over 6,800 institutions, over three million employees and total assets of over 40 trillion EUR. The total number of bank employees amounted to 3.2m[144]. In 2010, the total number of non-cash payments in the EU increased by 4.4% to 86.4 billion, of which card payments accounted for 39% of all transactions, while credit transfers accounted for 28% and direct debits for 25%[145].

Compliance costs

Over the past years financial institutions made important investments to set up compliance departments and procedures to fight against money laundering and terrorism financing. One large EU bank, with several hundred thousand employees estimated that around 10% of its workforce was involved (fully or partially) in AML compliance work.

Money Laundering in the Banking Sector (US)[146]

In March 2010, a US bank, Wachovia, settled the biggest action yet brought under the US bank secrecy act. In published court documents, across-the-board failings were identified in the bank's AML system.

Over the course of 2004-2007, Wachovia conducted transactions with Mexican currency exchange houses (CDC's), allowing them to wire transfer funds through accounts at Wachovia to recipients throughout the world. According to the court documents, Wachovia did not have an effective anti-money laundering policy or procedure to monitor these transactions to detect and report potential money laundering activity. From May 2004 to May 2007, at least $373 billion in wire transfers were made from the Mexican currency exchange houses to Wachovia accounts; more than $4 billion in bulk cash was transported from the CDCs in Mexico to accounts at Wachovia; and approximately $47 billion was deposited at Wachovia accounts through a “remote deposit capture” service. These monies included millions of dollars that were subsequently used to purchase airplanes for narcotics trafficking operations. Ultimately, more than 20,000 kilograms of cocaine were seized from these airplanes.

According to the information and other documents filed with the court, Wachovia failed to effectively monitor for potential money laundering activity more than $420 billion in financial transactions with the CDCs.

The bank was sanctioned for failing to apply the proper anti-laundering strictures and paid federal authorities $110m in forfeiture, for allowing transactions later proved to be connected to drug smuggling, and incurred a $50m fine for failing to monitor cash used to ship 22 tons of cocaine.

V.2. The Payments Sector

General description of the Sector

The total number of credit institutions and payment institutions in the EU offering payment services to non-monetary financial institutions in 2010 amounted to 8,604[147].

Compliance costs

One Payment Institution has provided estimates for the cost applicable to Compliance/AML functions. It has a total headcount of 238 persons dedicated to Compliance/AML functions. This does not include headcount relating to other departments that closely support the Compliance/AML function, e.g. the Legal and Regulatory Affairs departments. The total headcount of this Payment Institution's group is just over 2400, and therefore Compliance/AML represents approximately 10% of the company’s total headcount. 

Additionally, other costs can be attributed to the running of our Compliance/AML function, e.g. the cost of external consultants, the cost of real estate to cater for the Compliance/AML personnel, IT costs relating to specific software/hardware needed for compliance reasons (e.g. use of external databases to verify customers’ ID).

Terrorist Financing in the Payments Sector (Belgium - Informal Money remittance System)

An East African residing in Belgium, Mr X, stated that he performed Hawilaad banking activities. His account was exclusively credited by cash deposits and numerous transfers in small amounts. During several months the funds were transferred to company A in Eastern Africa. Shortly afterwards the funds were transferred to company B in Western Europe. Companies A and B performed money remittance transactions around the globe. Mr X claimed that he performed Hawilaad activities for fellow countrymen wishing to send money to Eastern Africa. However, he did not hold any position within Belgian companies and he was not registered as manager of an authorised exchange office. The individual did not have an authorisation from the CBFA (banking supervisor) either. Police sources revealed that he was known to be a member of a terrorist organisation. In this case the alternative remittance system may have been used for terrorism financing.

Money Laundering through money transmitters (France)

An individual "A" residing in an Eastern Europe country received hundreds of funds transfers usually in small amounts through a money remitter service provider initiated by more than 35 women of the same nationality as individual A. Typically the number of remittances initiated by each person was small (four on average). The addresses disclosed by the women referred to different hotels situated in Paris. Most of the women did not have a criminal  record and did not hold a bank account. One of the women however had opened bank account in France and indicated as her address the address of a company whose manager was convicted for aggravated procurement some years ago.

The case was transmitted by Tracfin (the French FIU) to the judicial authorities on a presumption of involvement in the procurement of prostitutes.

Source: Money Laundering through Money Remittance and Currency Exchange Providers – 2010 2011 Moneyval and FATF/OECD

V.3. The E-Money Sector

General description of the Sector

E-Money can be issued by licenced credit or financial institutions, or else by specialist licenced E-Money institutions, of which there are currently around 35 such institutions operating under the EU E-money licence[148]. Throughout the EU in 2010, total number of e-money purchase transactions stood at just over 1 billion, accounting for 1.2% of the total number of transactions[149].

The e-money product first introduced and in use is the 'electronic purse', which allows users to store relatively small amounts of money on a payment card or other smart card, to use for making small payments. E-money can also be stored on (and used via) mobile phones or in a payment account on the internet. In the latter case, funds are stored on a central server (e.g. at the provider) and are often used in pre-funded personalised online payment schemes, involving the transfer of funds stored on a personalised online account (not including traditional bank deposits). The best-known example of these services is PayPal. The advantage for consumers is that it allows them to purchase in a secure way on the internet without disclosing credit card details. Another increasingly popular e-money product is based on prepaid cards which are not linked to a bank account, but instead often used in conjunction with online accounts for purposes such as e-gambling. Card issuers using the MasterCard brand alone provide 11 million prepaid cards in the EU.[150]

Compliance costs

Compliance costs will vary considerably according to each business model, and the Commission has received no publishable data in this respect.

Given the often low value involved in payment transactions, some representatives of the E-Money industry have expressed concerns about changes which would entail a need to conduct due diligence measures at an early stage in the relationship with the customer. The current simplified regime in the Third AMLD allows Member States to not require application of CDD in the case of E-money where a non-rechargeable device where the maximum stored value is €250, or in the case of rechargeable devices until a limit of €2,500.

Money Laundering in the E-Money Sector

Many New Payment Methods rely on a business model where face-to-face customer contact is minimal or non-existent. This can facilitate abuse by criminals for money laundering purposes.

In some cases some shortcomings in some providers´ identification and verification processes and monitoring systems is likely to have contributed to the illegal activity going undetected for some time.

Laundering of phishing activity proceeds through prepaid cards (Italy)

In this case, prepaid cards are used as transit accounts where criminals sent funds from bank accounts after identity theft of the accounts’ holders. The phisher pretended to be the bank account holder and sent funds to the prepaid card that was issued in the name of a strawman. After the funds were transferred to the card, a corresponding amount of cash was withdrawn at ATMs.

Laundering of counterfeiting and fraud proceeds through open-loop prepaid cards (Belgium)

Within a few months, the accounts of Mr. POL and company BE were credited by international transfers for some € 500 000 from a Swiss company acting as an agent and trader in securities. These funds were used to load prepaid cards. In most cases, these cards were loaded with € 5 000 (maximum limit). Mr. POL claimed to have loaded these prepaid cards because he had given them to his staff for professional expenses. As soon as the money was loaded on the cards, the card holder quickly withdrew the money by repeatedly withdrawing cash from ATM machines.

Mr. POL was the subject of a judicial investigation regarding counterfeiting and fraud. Given the police information on Mr. POL, the funds from Switzerland may have been of illegal origin and linked to the fraud and counterfeiting for which Mr. POL was known. This hypothesis was confirmed by the ingenious scheme (international transfers, prepaid cards and cash withdrawals) used to repatriate funds to Belgium.

Source: FATF report: Money Laundering Using New Payment Methods October 2010

V.4. Accountants and External auditors

General description of the Sector

With respect to external accountants, a recent survey carried out by FEE , the national professional institutes of accountants and auditors across 30 European countries (27 EU Member States plus Croatia, Iceland and Norway) quantified total membership at around 700.000 members. Some of these members also provide tax advice.

Professional accountants provide a wide range of - sometimes mutually exclusive - services, including preparation of financial information, tax services, statutory audit, as well as many innovative services in the areas of non-financial reporting, assurance services other than statutory audit, sustainability and corporate social responsibility, strategy and management consultancy and corporate governance.

With respect to the audit profession, there are estimated to be over 230,000 approved statutory auditors and audit firms in the EU[151].

Compliance costs

One large UK-based accountancy firm has estimated AML compliance costs as follows: 

The compliance team consists of an equity partner (30-50 % of their time), a director (full-time) a senior manager and 5 other assistants.  In addition, a team of around 100 other staff work in back office compliance. 

Web based training courses cost c£100,000 which is cost effective for around 15,000-16,000 staff.

Customer Due Diligence checks take around 0.5 – 1 hour for a "normal" client, and up to a day or 2 even days for more complex corporate/trust clients.

Source – meeting report with the Accountancy sector.

Money Laundering involving accountants and tax advisors (The Netherlands)

The Tax Administration and the Fiscal Intelligence and Investigation Service discovered activities involving the allocation of securities as a means to effect tax fraud. These activities involved the use of false documents, in violation of tax and criminal laws. The cases involved different players in the financial sector; involving employees of financial institutions along with accountants and tax advisors.

The cases investigated have in common the misuse of a normal and legitimate service provided by banks, broker-dealers and other institutions licensed to trade in securities: the ability to transfer securities held electronically.

The misuse in the Dutch cases was triggered by a difference in the way capital gains and losses were treated for the income and corporate tax purposes. In short, capital losses are not deductible for income tax purposes, but are included in the tax base for corporate tax. Individuals transferred securities between their personal portfolio and a corporate securities portfolio over which they had control. Depending on what was necessary in the specific case, securities were transferred in either direction. In the case of a loss that occurred in the personal portfolio, the relevant securities were transferred to the corporate stock portfolio and vice versa.

Source: Money laundering and terrorist financing in the securities sector October 2009 FATF

http://www.fatf-gafi.org/media/fatf/documents/reports/ML%20and%20TF%20in%20the%20Securities%20Sector.pdf

V.5. The insurance Sector

General description of the Sector

In the insurance sector, total life insurance premiums end 2010 amounted to €676 billion; there were over 5000 insurance companies (end 2010) and close to one million employees working in the insurance sector (life + non-life combined).

Compliance costs

In general, insurance firms need to make large investments in order to comply with the AML rules. Insurance Europe has provided the following estimates for the current cost of compliance in several markets:

· The Association of British Insurers estimates the current cost of compliance of one of its members. In terms of staffing, annual costs for 6 full time equivalent posts are estimated at £400,000 per annum.  An additional 55 people who devote part of their time to active AML controls are estimated at £250,000 per annum. In addition, automated electronic controls instigated over the past 4 years cost an additional £6m.

· Most insurers have made investments in automatic detection systems (recommended at least for larger insurers in Belgium by the Belgian supervisory authority). In addition, insurers are also obliged to (continuously) train their employees on the risks of money laundering through insurance. The more fundamentally the system changes the more costs the insurers will incur as they will be obliged to update their whole system, their training programmes for employees etc.

· For the Netherlands, the following cost indications were provided:

o ABZ is an IT supplier in the Dutch insurance sector: the higher the number of records that have to be dealt with by ABZ, the higher the category of costs ABZ will charge. Categories vary from 1 to 10. One Dutch insurer has 20 million records in total which need to be checked 6 times per year (a requirement of the Dutch Supervisor). Consequently this means that 120 million records need to be checked per year, for which ABZ will charge according to category 10: costs of such an audit will reach € 100,000. In addition to these costs, costs for licenses per user/business and cost of the PEP list will be also charged.

o The estimated increase in online checking costs would be € 500,000 to 1,000,000. Furthermore, internal handling costs for PEP reports from inspections are estimated at 16,000 reports per year (assuming 10% of the PEP-list which consists of 160,000 PEPs) and continuous monitoring (estimate 3 for three full time employees = 3 x 50,000 = € 150,000).

Insurance Europe has indicated that in many EU countries, the current AML regime for the insurance sector has resulted in higher costs in terms of resources, unnecessary and inefficient use of resources, and which did not appear helpful in terms of law enforcement. They argue that resources should have been best used and applied only to those products that actually present a risk for ML/TF.

However Insurance Europe also believes that the expansion of the RBA across all anti-money laundering areas will result in a sound and logical asset and resource allocation to those areas where the real risk of money laundering exists. This could be a real improvement, especially with regard to very labour intensive measures such as identification of beneficial owners or Politically Exposed Persons (PEPs). The RBA enables companies to focus ML compliance resources where there is the greatest ability to be helpful to law enforcement, provided there is a strong requirement that insurance companies have completed and documented a detailed ML risk assessment of their own products and business.

Money Laundering through the Insurance sector (Bulgaria)

A single premium on a life policy, totalling more than €500,000 was paid on behalf of Mr A by Mr A’s employer, who was a related person.

Half of the amount was withdrawn by Mr A within a month of paying the premium. A request for withdrawing the balance of the amount was filed at the same time.

In follow-up to a report to the FIU, checks revealed that Mr A had a criminal record and was involved in pending legal proceedings. It also emerged that Mr A was allegedly involved in drug dealing and assassinations. Following further investigation and collection of information, including tax records, CTRs, and movements of funds on Mr. A’s accounts the relevant information was forwarded to law enforcement agencies.

Source: Typology research: Money laundering through private pension funds and the insurance sector – October 2010.

http://www.coe.int/t/dghl/monitoring/moneyval/typologies/MONEYVAL(2010)9_Reptyp_full_en.pdf

V.6. Lawyers/notaries

General description of the Sector

With respect to notaries, the total number in the EU is estimated to be around 38,500[152].

With respect to the number of independent legal professionals, the total number is estimated to be around 900,000 (2008)[153].

Compliance costs

Representatives of the legal and notary professions have indicated that cost of compliance with AML/CFT rules is a key concern. 

· Notaries have indicated that the principal costs of compliance stem from technology (building systems) and external costs (such as subscribing to PEPs databases).

· Lawyers have in particular highlighted the time cost in dealing with compliance issues, with what is perceived as little added value for AML, as the vast majority of their cases are lower risk. 

Representatives of both professions have felt that the burden falls more greatly on small businesses, although they did not disagree that smaller firms do not necessarily always have lower risk clients[154]. 

Money Laundering involving a Lawyer (Spain)

A lawyer created several companies on the same day (with ownership through bearer shares, in order to conceal the identity of the true owners). One of these companies acquired a property that was an area of undeveloped land. A few weeks later, the area was re-classified by the town hall where it was located so that it could be urbanised.

In successive operations at the Property Registry, the lawyer transferred the ownership of the property by means of the transfer of mortgage loans constituted in entities located in offshore jurisdictions.

With each successive transfer of the property, the price of the land was increased. The participants in the individual transfers were shell companies – also controlled by the lawyer. Finally the mortgage was cancelled through payment by cheque issued by a correspondent account. The cheque was received by a company different from the one that appeared as the acquirer on the deed (cheque endorsement). Since the company used a correspondent account exclusively, it could be concluded that this company was a front company set up merely for the purpose of carrying out the property transactions.

After further investigation, it emerged that the purchaser and the seller were one and the same person: the leader of a criminal organisation. The money used in the transaction had illicit origins (drug trafficking). Additionally, in the process of reclassification, administrative anomalies and bribes were detected.

Source:  ML/TF through the real state sector FATF June 2007

http://www.fatf-gafi.org/media/fatf/documents/reports/ML%20and%20TF%20through%20the%20Real%20Estate%20Sector.pdf

V.7. The gambling sector

General description of the Sector

The overall size of the gambling market, measured in terms of "Gross Gaming Revenues" (i.e. stakes minus winnings) is equal to €71.9 bln (off-line) and €8.5 bln (on-line) in 2010. The market share of on-line business is growing rapidly.

With respect to Casinos, there were an estimated 800 casinos operating in the EU, employing 60,000 staff. Lotteries employ 19,000 staff, while the gaming and amusement machines and devices sector (not casinos) employ 245,000 staff.

Compliance costs

The European Casino Association (ECA) have provided individual anonymous data for compliance costs under the Third AMLD for two casinos (Casino A and Casino B)[155]:

Money Laundering Typology in the gambling sector

Money laundering in a Casino (UK)

One money laundering conspiracy involved millions of UK pounds from organised criminal gangs being laundered by a group of men from West Midlands. The money laundered included the profits from a number of activities including drug trafficking, multi-million pound VAT conspiracies in the mobile phone industry, counterfeiting and credit card fraud. The monies were a mixture of Scottish and English notes. The defendants would transfer large amounts of money to a back account in Dubai, which would then be accessed by their associates. The defendants received the proceeds of crime in the UK and made equivalent amounts of criminal monies available in Dubai. They then utilised the gambling industry to launder the money. Money was placed on a deposit at a casino and withdrawn a day or so later. Other sums would be gambled. Thousands of pounds would be passed over the tables in order to disguise the original source of the banknotes. Monies gambled or exchanged at the casino provided the defendants with an apparently legitimate explanation as to their source.

Source: FATF report: Vulnerabilities of casinos and gaming sector (March 2009)

V.8. Real estate sector

General description of the Sector

The total number of real estate agents has been quantified by Eurostat at 1.3 million enterprises and 3.3 million employees (2009)[156].

Money Laundering in the Real Estate Sector ("THE WHITE WHALE CASE")[157]

In Spain, drug-trafficking proceeds were laundered through a scheme involving shell companies and investments in the real estate sector. Beneficial ownership was kept hidden and notaries and lawyers were misused. Despite the fact that there were suspicions of money laundering (incorporation of several companies by the same persons within a short period of time, same partners in several companies, several real estate purchases in a short period of time, etc.) and although public notaries were obliged to report under the Spanish anti-money laundering law, transactions were not disclosed to the Spanish FIU

The launderer transferred funds from a foreign country to a non-resident account owned by a Spanish company. The funds were pooled in the account of the Spanish company under the guise of foreign loans received. At the final stage of the process, the funds were used to purchase real estate properties in the name of the Spanish company, with the identity of the money launderer and the beneficial owners remaining hidden.

The off-shore companies involved in this case were “shell companies” established in a US State whose laws allow a special tax regime for such companies and for their transactions. The companies were pre-constituted in the name of an agent (usually a lawyer) before the incorporation of the company, with the document of incorporation of the company remaining inactive in the hands of the agent until the company was purchased by a client.

The total amount of money laundering from drug trafficking and prostitution was estimated at €250 million.

Source: FATF report: The misuse of corporate vehicles, including trust and company service providers (2006)

ANNEX VI: Membership of FATF and Moneyval

The Financial Action Task Force – the standard setter for international AML/CFT rules

The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions.  The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.  The FATF is therefore a “policy-making body” which works to generate the necessary consensus to bring about national legislative and regulatory reforms in these areas. 15 EU Member States[158], as well as the European Commission, are full members of FATF.

Membership

Argentina || Australia || Austria || Belgium

Brazil || Canada || China || Denmark

European Commission || Finland || France || Germany

Greece || Gulf Co-operation Council || Hong Kong, China || Iceland

India || Ireland || Italy || Japan

Republic of Korea  || Luxembourg || Mexico || Netherlands, Kingdom of

New Zealand || Norway || Portugal || Russian Federation

Singapore || South Africa || Spain || Sweden

Switzerland || Turkey || United Kingdom || United States 

 

Moneyval[159] – the Committee of Experts on the Evaluation of Anti-money Laundering Measures and Financing of Terrorism

The aim of Moneyval is to ensure that its member states have in place effective systems to counter money laundering and terrorist financing and comply with the relevant international standards in these fields. Moneyval currently comprises 30 members which are subject to its evaluation processes and procedures, including 12[160] EU Member States which are not members of FATF.

Membership

Albania || Andorra || Armenia || Azerbaijan

Bosnia and Herzegovina || Bulgaria || Croatia || Cyprus

Czech Republic || Estonia || Georgia || Hungary

Holy See (since April 2011) || Israel (since January 2006) || Latvia || Liechtenstein

Lithuania || Malta || Moldova || Monaco

Montenegro || Poland || Romania || Russian Federation (also FATF member since 2003)

San Marino || Serbia || Slovak Republic || Slovenia

“The former Yugoslav Republic of Macedonia” || Ukraine || ||

 

 

 

 

ANNEX VII: Efforts to measure effectiveness of AML measures by the Commission

Important first steps to measuring the effectiveness of AML measures through the establishment of a set of indicators have been taken by DG HOME and EUROSTAT, in recognition of the need to develop better statistical knowledge at national and European level and to provide a more precise and reliable diagnosis of the criminal threat. “Money Laundering in Europe”[161] is one of the fruits of a 2006-2010 action plan entitled “Developing a comprehensive and coherent EU strategy to measure crime and criminal justice”. The publication represents a first step towards enabling a cost/benefit analysis of anti-money laundering provisions, which would feed into and clarify not only political decision-making, but also operational cooperation.

While recognising the limitations - resulting from the different approaches and set-ups at national level for the combat against money laundering – of making cross-country comparisons, the report paints a useful picture of Member States’ efforts in this field. The report contains data on the number of suspicious transaction reports (STRs) filed, according to each category of obliged entity, how many reports were sent to law enforcement, how many staff are dedicated to full-time AML work within FIUs, how many cases were initiated by law enforcement agencies on the basis of STRs received, the number of cases brought to prosecution, the number of persons/legal entities convicted for money laundering offences, the number of sentences by type for money laundering offences, etc.

Further development is planned to improve data quality in future collections.    

Another important initiative aimed at assessing effectiveness is the "ECOLEF" project: the Commission (DG HOME), is currently funding research on the economic and legal effectiveness of the anti-money laundering and combating terrorist financing policy in the European Union under the lead of Utrecht University[162]. It aims at establishing a framework for an encompassing cost benefit analysis for evaluating anti-money laundering and combating terrorist financing (AML-CFT) policy, which includes countries' threat assessments. Its aim is to give financial investigators and policy makers a further sustainable tool to identify and combat ML and TF. The final Report on the ECOLEF project is expected for late 2012.

ANNEX VIII: Comparison of EU Member States' sanctions and penalties for non-compliance with AML/CFT rules[163]

According to article 39 (1) of the AML Directive, Member States shall ensure that natural and legal persons covered by the AML Directive can be held liable for infringements of the national provisions adopted pursuant to this Directive. The penalties must be effective, proportionate and dissuasive.

Article 39 (2) provides that Member States shall ensure, in conformity with their national law, that the appropriate administrative measures can be taken or administrative sanctions can be imposed against

credit and financial institutions for infringements of the national provisions adopted pursuant to this

Directive. Member States are entitled to impose criminal sanctions, but are however not obliged to

incorporate them into their national legislation.

Member States have transposed article 39 (1) of the AML Directive as follows:

· All Member States have incorporated administrative penalties, as prescribed by article 39 (2) of the AML Directive.

· All Member States have incorporated administrative measures as well.

· Although no obligation exists for Member States to foresee criminal sanctions in case of non-compliance with the national AML legislation, twenty Member States have incorporated criminal sanctions.

Table: Overview of administrative penalties, administrative measures and criminal sanctions in Member States

|| Administrative penalties || Administrative measures || Criminal sanctions

Austria (AT) || X || X || -

Belgium (BE) || X || X || -

Bulgaria (BG) || X || X || X

Cyprus (CY) || X || X || -

Czech Republic (CZ) || X || X || X

Denmark (DK) || X || X || X

Estonia (EE) || X || X || X

Finland (FI) || X || X || X

France (FR) || X || X || X

Germany (DE) || X || X || -

Greece (EL) || X || X || X

Hungary (HU) || X || X || X

Ireland (IE) || X || X || X

Italy (IT) || X || X || X

Latvia (LV) || X || X || -

Lithuania (LT) || X || X || -

Luxembourg (LU) || X || X || X

Malta (MT) || X || X || X

Netherlands (NL) || X || X || X

Poland (PL) || X || X || X

Portugal (PT) || X || X || X

Romania (RO) || X || X || X

Slovenia (SI) || X || X || -

Slovakia (SK) || X || X || X

Spain (ES) || X || X || X

Sweden (SE) || X || X || X

United Kingdom (UK) || X || X || X

Comparability of the penalties

A high level scan of administrative penalties, administrative measures and criminal penalties indicates that penalties throughout Member States are, with the exception of administrative measures, hardly comparable:

· Administrative measures: in general the order for appropriate measures and warning letters are commonly incorporated in the legislation of Member States.

· Administrative penalties: in general two types of administrative penalties are commonly incorporated in the legislation of Member States:

o Administrative fines: the range in administrative fines is very large e.g. in the Netherlands and in Belgium, fines up to 4.000.000 EUR and EUR 1.250.000 are possible; in Estonia and Italy, fines can only amount to a maximum of 500.000 croon (31.955 EUR)[164] and 50.000 EUR.

o Other administrative penalties: the possibility to suspend or revoke a licence and/or impose a public warning are retrieved commonly throughout Member States.

· Criminal sanctions: both imprisonment sentences and/or fines are found throughout the Member States:

o Imprisonment sentences are foreseen in for example: Denmark, Greece, Hungary, Ireland, Poland, Slovakia, the Netherlands and the United Kingdom. In Slovakia an imprisonment sentence up to 8 years is foreseen in case an unusual business operation was not reported in breach of a person’s duty[165].

o Fines are foreseen in for example: Estonia, Ireland Luxemburg, the Netherlands and the United Kingdom.

Publication and application of penalties in practice

In almost all Member States[166] penalties can be published and therefore penalties can be publicly available.

The publication is however not an automatism due to the fact that:

· In some Member States, the publication must be ordered separately (e.g. Belgium);

· In some Member States, the publication is only performed in case of the most serious infringements (e.g. Italy);

· In some Member States, the publication is directly related to the nature of the sanction itself (e.g. Spain).

Example: publication by separate order of publication (Belgium)

Article 40 AML Law

Without prejudice to other laws or regulations, the competent authority referred to in Article 39 may, in case of non-compliance by institutions or persons referred to in Articles 2, § 1, 3 and 4 of the Articles 7 to 20, 23 to 30 and 33 of this Law, with Regulation No 1781/2006 of the European Parliament and the Council of 15 November 2006 on information on the payer accompanying transfers of funds or with their implementing decrees:

1 °  publish, in accordance with terms it determines,  the decisions and measures it shall adopt;

2 ° impose an administrative fine of not less than 250 EUR and no more than 1.25 million EUR, equal after hearing the defence of the institutions and persons or at least having duly summoned them…

Example: publication only for the most serious infringements (Italy)

Article 57 AML Law

1. Unless the act constitutes a crime, failure to comply with the suspension measure referred to in Article 6(7)(c) shall be punished with a fine of from €5,000 to €200,000.

2. Failure to create the single electronic archive referred to in Article 37 shall be punished with a fine of from €50,000 to €500,000. In the most serious cases, taking account of the gravity of the violation inferred from the circumstances in which it occurred and from the value of the suspicious transaction that was not reported, the provision imposing the sanctions shall be accompanied by an order that the persons fined publish, at their own initiative and cost, the decree imposing the sanction in at least two newspapers distributed nationwide, of which one shall be a financial paper.

3. Failure to set up the customer register referred to in Article 38 or to adopt the recording procedures referred to in Article 39 shall be punished with a fine of from €5,000 to €50,000.

4. Unless the act constitutes a crime, failure to report suspicious transactions shall be punished with a fine of from 1 to 40 per cent of the amount of the non-reported transaction. In the most serious cases, taking account of the gravity of the violation inferred from the circumstances in which it occurred and from the value of the suspicious transaction that was not reported, the provision imposing the sanction shall be accompanied by an order that the persons fined publish, at their own initiative and cost, the decree imposing the sanction in at least two newspapers distributed nationwide, of which one shall be a financial paper.

5. Violations of the disclosure requirements in respect of the FIU shall be punished with a fine of from €5,000 to €50,000.

Example: publication which is directly related to the nature of the sanction (Spain)

Article 56 AML Law

1. For the commission of very serious offences, the following penalties may be imposed:

(a) Public reprimand.

(b) Fine between a minimum of EUR 150,000 and a maximum amount that may be imposed up to the highest of these figures: 5 percent of the net worth of the institution or person covered by this Act, twice the economic substance of the transaction, or EUR 1,500,000.

(c) In the case of institutions requiring administrative authorisation for their operation, withdrawal of this authorisation.

The penalty provided for in point (b), which will be compulsory in all events, shall be imposed simultaneously with one of those listed in points (a) or (c).

2. In addition to the applicable penalty to be imposed on the institution or person covered by this

Act for the commission of very serious offences, one or more of the following penalties may be imposed on those responsible for the offence, having held administrative or management positions in the entity:

(a) Fine for each of between EUR 60,000 and EUR 600,000.

(b) Removal from office, with disqualification from holding administrative or management positions in the same entity for a maximum period of ten years.

(c) Removal from office, with disqualification from holding administrative or management positions in any entity of those covered by this Act for a maximum period of ten years.

The penalty provided for in point (a), which will be compulsory in all events, may be simultaneously imposed with one of those listed in points (b) and (c).

The public availability of penalties in practice is limited. Moreover, throughout our surveys we have noticed that figures on the imposed penalties were practically never provided. Information on the facts on the infringements which gave rise to the penalties is also very scarce.

The fact that penalties are applied in practice is supported by a study from the Universita Degli Studi di Trento and the Universita Cattolica del Sacre Cuore (2007) [167].

Application in practice was also confirmed by a number of other indications:

· E.g. an Italian public layer sector stakeholder who reported that penalties are applied in practice in 2010. The Italian legal system has an extensive range of (criminal and administrative) sanctions to punish infringements of AML rules. The Bank of Italy, as supervisory authority, has made an extensive use of administrative sanctions, both pecuniary and coercive (e.g., prohibitions, bans, etc.), following to controls on supervised entities.

· A desk research on the number of imposed penalties[168] and reports from other stakeholders confirmed as well that penalties are applied in practice throughout Member States[169].

Contrary to the above, the FATF reported with regard to a Member State where (only) a low number of warning letters were sent by the supervisor (supervisor over a very large number of controlled entities) and in the absence of administrative fines, that it is unlikely that there is such a very high level of compliance with AML/CFT measures.

Effect of penalties

Almost all public layer sector stakeholders reported that the available sanctions are sufficient and proportionate to the severity of the breach e.g.:

· In Germany, a stakeholder emphasized the importance of administrative sanctions and measures for the supervisory authorities.

· In Hungary, a stakeholder reported that in its own experience the existing range of sanctions and measures is appropriate to the level of actual threat.

· In Luxemburg, it was reported that the severity of the penalties would be increased in a new draft law.

· In Poland, a stakeholder reported that penalties should have a deterrent effect and therefore the penalties must be severe. The same stakeholder confirmed that this is the case in Poland.

· In Portugal, a stakeholder quoted the background of the national sanctions: the range of sanctions has been proposed by a working group with representatives from the supervisory authorities, the Finance Ministry, the Justice Ministry and the FIU, with the aim to ensure its effectiveness, taking also into due account existing administrative sanctioning regimes.

· In Slovakia, a stakeholder reported that the penalties are proportionate and dissuasive as the range of sanctions provides for an adequate supervisory response to the existing legal infringements and cases of non-compliance. In each case the following elements are considered: the severity, if the breach has occurred repeatedly, for how long the law has been violated and all other relevant circumstances.

· In Slovenia, it was reported that during the fourth round of Moneyval evaluation it was noted that the level of fines in Slovenia is significantly higher than in many of the surrounding countries (of Slovenia's immediate neighbours only Italy applies higher level of fines for legal persons).

· In the United Kingdom, a stakeholder is of the opinion that the range of sanctions available is appropriate and proportionate. Sanctions under the Regulations complement criminal sanctions for the principal money laundering offences in the Proceeds of Crime Act.

Covered entities who gave an opinion on this matter (all non-financial professions) clearly have different views. Some stakeholders indicated that the available sanctions are not proportionate to the severity of the breach. Others have indicated the opposite.

· In Germany and in Cyprus, stakeholders reported that due to the wide range of administrative sanctions, a suitable penalty can be imposed in every case.

· In Ireland, a stakeholder reported that it considers the sanctions to be excessive in the relation professional - client;

· In Poland, a stakeholder reported that the sanctions are certainly dissuasive due to the disproportionate criminal sanctions;

· In Spain, a stakeholder reported that the sanctions are extremely severe;

· In the United Kingdom, different stakeholders commented on the existing criminal sanctions expressing the opinion that the criminal sanctions are disproportionate. Some respondents question the fact whether the regime itself has led to more convictions of principal offenders. 

In a very recent report from HM Treasury (United Kingdom)[170] on the review of money laundering regulation, the following was stated regarding the effect of criminal sanctions:

“Many believe that the threat of a criminal penalty under the Regulations discourages a risk based approach and encourages businesses and Money Laundering Reporting Officers to adopt a zero tolerance policy. However there some responses make the case for the continued provision of a criminal penalty, including the deterrence effect and the opportunities provided for supervisory and law enforcement activity.”

ANNEX IX: Comparison of EU Member States' rules implementing AML rules to casinos and the gambling sector

Obligations only upon casino operators || Obligations upon casino operators and other gambling operators

Austria || Bulgaria (Casinos, bingo halls, lotteries, sport totalizators, etc.)

Belgium || Estonia  (“Organizers of games of chance”)

Czech Republic || Finland (“Any gaming operator and supplier of gaming activities”)

Germany || Greece (“Casino enterprises, casinos operating on Greek ships, companies, organizations and other entities engaged in gambling activities as well as betting shops (agencies)”).

Hungary || France (Casinos, clubs, groups or companies in charge of games of chance, lotteries, betting, sport and horse race forecasts)

Malta || Ireland (Casinos and private members’ clubs)

Romania || Italy (Land based and online casinos, sport betting/forecasts and other gambling activities)(Casinos, online sport betting/forecasts)

The Netherlands || Latvia  (Lotteries and gambling)

United-Kingdom || Lithuania (“Companies offering gaming”)

|| Luxembourg (“Casinos and similar premises”)

|| Portugal (Casinos, betting and lottery operators)

|| Slovenia (Casinos, gaming halls, sport wagers, online games of chance)

|| Spain (Casinos, lotteries and other games of chance)

|| Sweden (Casinos, lotteries and other games of chance)

Source: Altius

[1]               The framework is described in section III.2

[2]              See Annex I Glossary

[3]              The Directive is part of a broader set of legislative measures aimed at the prevention of money laundering and terrorist financing (see section III.2. Box 2).

[4]               http://www.fatf-gafi.org/dataoecd/49/29/49684543.pdf

[5]              Final Study on the Application of the Anti-Money Laundering Directive, Deloitte, December 2010, http://ec.europa.eu/internal_market/company/docs/financial-crime/20110124_study_amld_en.pdf

[6]               In addition, 2 private sector stakeholder meetings were organised in 2011.

[7]              COM(2012) 168 final, Report on the application of Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, 11.04.2012.

[8]           The Joint Committee of the European Supervisory Authorities´ Sub Committee on Anti Money Laundering (AML Committee, AMLC) assists the European Supervisory Authorities in a supervisory capacity, to ensure a consistent implementation of the EU law.

[9]              EBA, ESMA and EIOPA’s report on the legal, regulatory and supervisory implementation across EU Member States in relation to the Beneficial Owners Customer Due Diligence requirements under the Third Money Laundering Directive [2005/60/EC], AMLTF/2011/05, http://eba.europa.eu/cebs/media/aboutus/News%20and%20Communications/JC_2011_096--AMLTF-2011-05---UBO-Report-.pdf

[10]             EBA, ESMA and EIOPA’s Report on the legal and regulatory provisions and supervisory expectations across EU Member States of Simplified Due Diligence requirements where the customers are credit and financial institutions under the Third Money Laundering Directive [2005/60/EC], AMLTF/2011/07, http://eba.europa.eu/cebs/media/aboutus/News%20and%20Communications/JC_2011_097-AMLTF-2011-07---SDD-report-.pdf

[11]             The “EU Financial Intelligence Units’ Platform” was set up in 2006 by the European Commission. It gathers Financial Intelligence Units from the Member States. Its main purpose is to facilitate cooperation among the FIUs.

[12]             On 11 February and 9 December 2011.

[13]             Report of the first meeting is available at: http://ec.europa.eu/internal_market/company/docs/financial-crime/20110218-report_en.pdf

[14]             While the Commission's minimum standard for consultation is 12 weeks, in this special case the period for consultation was shortened due to the urgent need to adopt proposals in 2012, ahead of the start of FATF's fourth round evaluation process, which will begin in 4th quarter 2013. Swift adoption of a Commission proposal is supported by Member States, and is the most effective way to provide clear guidance to Member States seeking to adapt their own frameworks in advance of the FATF's fourth round evaluation, and the best way of limiting the risk that Member States adopt national rules which might subsequently conflict with the revised EU rules. Although the consultation formally closed on 13 June, the Commission services took fully into consideration all responses received after the deadline (i.e. 15 responses).

[15]             Contributions will be available on the Commission website, unless confidentiality has been specifically requested.

[16]             Annex IV contains an analysis of the costs of compliance with the Third AMLD from the perspective of different types of financial institution.

[17]             Article 2 of Directive 2005/60/EC imposes obligations on financial institutions, auditors, external accountants, tax advisors, notaries and other legal professionals (when participating in any financial or real estate transaction), trust or company service providers, real estate agents and casinos. There is also an obligation on other natural or legal persons trading in goods where payment is made in cash equal to or above €15,000.

[18]             Article 3(6) of the Third AMLD defines “beneficial owner” as the natural person(s) who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted

[19]             The technical terms used in this Impact Assessment are explained in the glossary in Annex I

[20]          In the case of listed companies, beneficial owners of pooled accounts held by notaries and other legal professionals, domestic public authorities, certain types of life insurance policies, insurance policies for pension schemes and pension schemes – subject to certain conditions, and electronic money below €250  on a pre-paid, non-rechargeable device, or below €2,500 in the case of rechargeable devices.

[21]             Estimating Illicit Financial Flows resulting from drug trafficking and other transnational organized crimes, UNODC, October 2011.

[22]             Between May 2004 and May 2007, wire transfers were made from Mexican currency exchange houses to Wachovia amounting to $373 Billion: there was no effective AML policy or procedure to monitor, detect and report suspicious wire transfers.

[23]             House of Lords European Union Committee, Money laundering and the financing of terrorism, 22 July 2009

[24]             Various sources: FATF Report on Terrorist Financing (February 2008), UN Monitoring Team Report on Al-Qaeda and the Taliban (August 2004) and the Home Office (UK)

[25]             Article 3(5)(f) of the Third AMLD.

[26]             See Eurostat Working Paper Money Laundering in Europe, http://epp.eurostat.ec.europa.eu/cache/ITY_OFFPUB/KS-RA-10-003/EN/KS-RA-10-003-EN.PDF. Further explanations about the Commission's efforts to measure the effectiveness of the AML framework are described in Annex VII.

[27]             Recent cases of money laundering in the United States highlight the scale of the problem. In August 2012, Standard Chartered Bank reached a settlement with US authorities amounting to US$ 340 million, while Barclays Bank is understood to have set aside US$ 700 million to meet expected fines. Further examples of money laundering cases are described in Annex V.

[28]             Estimating Illicit Financial Flows resulting from drug trafficking and other transnational organized crimes, UNODC, October 2011

[29]             According to the UNODC study, the problem appears not to be a lack of international instruments, but shortcomings in the implementation of existing instruments in a number of jurisdictions. For that reason, focus at international level is increasingly on the evaluation of effectiveness of the systems, as opposed to straightforward compliance. This will be a key aspect of the FATF's fourth round evaluation process.

[30]             See Annex VI for further information about international standard setters (FATF and Moneyval) and section IX on the evaluation process.

[31]             See FATF press release 16 Feb 2012, http://www.fatf-gafi.org/topics/fatfrecommendations/documents/fatfstepsupthefightagainstmoneylaunderingandterroristfinancing.html

[32]             For example in October 2010, Greece along with a number of other countries, was placed on the FATF website, in the public statement under the title “Improving Global Compliance: on-going process”. This resulted in administrative costs for the credit institutions established in Greece increasing -  especially in the field of correspondent banking.  The reputational effects of Greece’s "grey listing" were most evident in the correspondent banking area. Correspondent  banks,  in isolated cases,  lifted the simplified due diligence status for Greek banks. In some cases, following guidance from  their supervisors or in accordance to their own internal policies,  correspondents of Greek banks:

· sought  KYC(Know-your-customer) information from their respondents’   major shareholders/senior management;,

· declined to consider Greek banks as eligible third parties for the purpose of carrying out  CDD  for their  local customers on their behalf;

· requested completion of  “extended” Wolfsberg Group Questionnaires ; or

· required  extra documentation for  specific fund tranfers or trade financing transactions to which they had been involved.  

[33]             This term is described in the glossary in Annex I

[34]             Article 3(5)(f) of the Third AMLD.

[35]             Indirectly however certain tax crimes are implicated through Article 3(5)(d) of the Third AMLD, which refers to "fraud, at least serious, as defined in Article 1(1) and Article 2 of the Convention on the Protection of the European Communities' Financial Interests. The issue of how to improve responses to tax fraud is further considered in a Commission Communication adopted in June 2012: " Communication on concrete ways to reinforce the fight against tax fraud and tax evasion including in relation to third countries (COM(2012) 351 final)".

[36]          Article 3(8) of the Third AMLD defines “politically exposed persons” as natural persons who are or have been entrusted with prominent public functions and immediate family members, or persons known to be close associates, of such persons.

[37]             Article 8(1)(b) of the Third AMLD requires, with respect to CDD obligations, identification of the BO and risk-based and adequate measures to be taken to verify his identity,

[38]             Commission Communication: "The EU Internal Security Strategy in Action: Five steps towards a more secure Europe", COM (2010)673 final.

[39]             http://ec.europa.eu/internal_market/company/docs/financial-crime/3rd-country-common-understanding_en.pdf

[40]             Other risk factors are: customer risk,  product, service, transaction or delivery channel.

[41]                             The Commission has been made aware of these issues either because they have been highlighted in the Deloitte study, or as a result of contacts with (private and public) stakeholders.

[42]             Art. 33 of the Third AMLD sets out the minimum statistical requirements that Member States are obliged to collect.

[43]             See Eurostat Working Paper Money Laundering in Europe, http://epp.eurostat.ec.europa.eu/cache/ITY_OFFPUB/KS-RA-10-003/EN/KS-RA-10-003-EN.PDF

[44]             EBA, ESMA and EIOPA’s Report on the legal, regulatory and supervisory implementation across EU Member States in relation to the Beneficial Owners Customer Due Diligence requirements under the Third Money Laundering Directive, AMLTF/2011/05, April 2012.

[45]             Certain Member States consider that the ultimate beneficial owner (“UBO”) is the person(s) who owns/controls at least 25% of the customer, whilst other Member States interpret the UBO as the person(s) that owns/controls at least 25% of the customer, or of any entity that owns at least 25% of the customer. Other aspects of the definition give rise to uncertainties or different interpretations by Member States, in particular what “otherwise exercises control" over the corporate entity means in Article 3.

[46]             Article 8.1b of the Third AMLD states that Customer Due Diligence shall comprise “identifying, where applicable, the beneficial owner and taking risk-based and adequate measures to verify his identity so that the institution or person covered by this Directive is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts and similar legal arrangements, taking risk-based and adequate measures to understand the ownership and control structure of the customer;”

[47]             In October 2011, the Commission services published a staff working paper entitled “Commission staff working paper on Anti-money laundering supervision of and reporting by payment institutions in various cross-border situations”, SEC (2011) 1178 final, http://ec.europa.eu/internal_market/company/financial-crime/index_en.htm#report. The paper seeks to clarify how host state AML supervisory responsibilities resulting from the Third AMLD are to be understood in the context of home state supervisory responsibilities stemming from the Payment Services Directive.

[48]             See Annex VIII describing the differences between EU Member States' sanctions and penalties for non-compliance with AML/CFT rules. 

[49]          For example, the Deloitte study (P.132) refers to  an FATF report with regard to one EU Member State where (only) a low number of warning letters were sent by the supervisor (supervisor over a very large number of controlled entities) and concluded that in the absence of administrative fines, that it was unlikely that there was such a very high level of compliance with AML/CFT measures,

[50]             See Annex IX, which illustrates the different coverage of MS laws in relation to casinos and the gambling sector.

[51]             Money Laundering through the Football Sector- July 2009.

[52]             Article7(b)

[53]             See stakeholder response of Syndicat Saint Eloi (http://ec.europa.eu/internal_market/company/financial-crime/received_responses/responses-to-the-consultation/syndicat-saint-eloi_fr.pdf):  over the course of 2011, 715 attacks were recorded against jewellery shops or precious metal dealers, as a result in the strong increase in the price of precious metals. In the absence of common thresholds for CDD, criminals can easily circumvent stricter national laws by crossing borders and laundering the proceeds of their crimes without any need for identification if the value of the transaction is below the €15,000 threshold.

[54]             Since 16 April 2012. As of 1 January 2014, this level will be further reduced to €3,000 euro for the sale of goods and service provision.

[55]             Article 11a of the Law on the Measures against Money Laundering.

[56]             Section 2 of Act on Measures to Prevent Money Laundering and Financing of Terrorism. 

[57]             Article D112-3 j. L112-6 of Monetary and Financial Code.

[58]             Article 12(1) of d.lex 201/2011.

[59]             Government Ordinance 15/1996.

[60]             Article 37 of Prevention of Money Laundering and Terrorist Financing Act

[61]             Council Decision 2000/642/JHA of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information.

[62]             The “EU Financial Intelligence Units’ Platform” was set up in 2006 by the European Commission. It gathers Financial Intelligence Units from the Member States. Its main purpose is to facilitate cooperation among the FIUs. .

[63]             Commission Staff working paper on “Compliance with the AML Directive by cross-border banking institutions at group level” SEC (2009) 939 of 30 June 2009. http://ec.europa.eu/internal_market/company/docs/financial-crime/compli_cbb_en.pdf

[64]             There is a clear link to problem driver 1, as the new FATF standards introduce a requirement (which largely mirrors work carried out by the Basel Committee on Banking Supervision) that financial groups must implement group-wide programmes against money laundering and terrorist financing, including policies and procedures for sharing information within the group.

[65]             Opinion 14/2011 of Article 29 WP.: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp186_en.pdf

[66]             See the Commission's data protection proposals (COM(2012) 11 final) and (COM(2012) 10 final). http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

[67]             Countries go to great lengths to maintain high international standing with respect to their AML/CFT regimes, and suspicions of money laundering within a financial system can be hugely detrimental to investor confidence, and the willingness of foreign counterparts to engage in business transactions; this explains why in almost all cases, criticisms or public listing by the FATF are met with swift remedial responses.

[68]          For example, different thresholds for applying customer due diligence in the case of cash transactions create vulnerabilities, e.g. lower thresholds are in place in some Member States aimed at controlling the sale of precious metals or stones and requiring identification of the seller. Criminals seeking to launder the proceeds of stolen goods can easily cross borders and sell the goods without the need for identification.

[69]          Except in the case of Dimension 10 (Home and Host Supervisory Responsibilities for AML), where the alternative option is in fact the baseline scenario.

[70]          The choice of a €7,500 threshold is explained by simply halving the existing threshold. 9 Member States currently apply thresholds below the existing €15,000 stipulated in the Directive, of which 4 Member States apply thresholds below €7,500. The expected impact on traders of a reduction of the threshold would not be to increase costs, but rather to substantially reduce the number of transactions taking place using cash - to the advantage of other payment means (which may carry some additional costs – e.g. fees related to a credit card transaction). The impacts associated with the application of different thresholds (e.g. €10,000, €5,000) have (in the absence of available data) not been assessed, however it is reasonable to assume that they would not reveal significant differences with respect to the likely costs incurred by traders. There would however be different impacts on the number of cash payments, according to the chosen threshold.

[71]             Europe Economics: Study on the Cost of Compliance with Selected FSAP Measures, 5 January 2009.

[72]             The study examined six directives: the Prospectus Directive, the Financial Conglomerates Directive, the Capital Requirements Directive, the Transparency Directive, the Markets in Financial Instruments Directive – MiFID and the AML Directive.

[73]             However, an important consideration is that the costs of complying with AML measures in a non-harmonised environment would most likely be higher, particularly for cross-border businesses.

[74]             Information obligations are the obligations arising from regulation to provide information and data to the public sector and / or third parties

[75]             A data requirement is each element of information that must be provided in complying with an information obligation

[76]             To provide the information for each data requirement a number of specific administrative activities have to be carried out. Activities may be done internally or be outsourced

[77]             See Annex IX: Comparison of EU Member States’ rules implementing AML rules to casinos and the gambling sector

[78]             Where information is available, cost quantification is provided on the basis of specific examples. In all cases, impacts are subjectively estimated in terms of "high", "medium" or "low" impacts. In a small number of cases, impacts can be positive – hence each impact is also measured according to its +/- implications.

[79]             Elements of costs associated with the implementation of the Third AMLC are provided in sections VI.1 and VI.2

[80]             The UK Law Society has provided some estimates of the costs of compliance with respect to putting in place risk assessment procedures:

•              With respect to the need to review existing procedures/policies/risk assessment and update them, provide training to relevant staff, including those in the regulated sector as well as the specialist compliance staff and ensure that any system changes are implemented: if it took an MLRO, on a salary of £60,000 pa, one week to review the revised requirements and implement them, without taking into account the training costs/lost fee earning time, the cost incurred would be about £1,200 per firm.

•              For smaller firms, the task is likely to be more onerous as their existing risk-based procedures may be less sophisticated and may need more work to ensure they are sufficiently robust. As a supervisor, the Law Society is committing to assisting firms to meet their obligations and is in the process of developing an AML/CFT toolkit to complement our AML/CFT practice note. Such toolkits issued by the Law Society in other areas generally retail for £60 and should be able to be tailored to the firm within a day. Using the same approach as above, the cost incurred would be £240 plus £60 i.e. £300. There are about 8,500 firms of between 1 to 4 partners giving a total cost of about £2.5m for that sector.

[81]             Source: draft final report by Matrix Insight on the study on the application of the Regulation on information accompanying transfers of funds. For example, in UK, the number of visits undertaken in 2010 to non-bank PSPs specifically related to AML/CFT and the Fund Transfers Regulation (FTR) amounted to 1,964, resulting in 396 warning letters. However this figure is substantially higher than compared to other jurisdictions (for which information was available). In no other case did the number of on-site visits exceed 50.

[82]             The European Casino Association

[83]             E.g. second hand car dealers, dealers in precious metals and stones, auction houses, etc.

[84]             Information provided by Matrix Insight consultants, in the context of their study on the application of the Regulation on information accompanying transfers of funds

[85]                    http://www.europarl.europa.eu/charter/pdf/text_en.pdf

[86]             CJEU, judgment of 9.11.2010 in joined cases C-92/09 and 93/09, Schecke.

[87]          The principles of necessity and proportionality are also required by Article 8 of the Charter and Article 16 of the Treaty on the

 Functioning of the European Union)

[88]          ECJ C305/05, Ordre des barreaux francophones et germanophones et al. V Conseil des Ministres, Para 33, Judgment of the Court, 26 June 2007.

[89]             See Option 13 in Annex III

[90]             Based on the survey conducted by the Deloitte study, this is the case for a number of national professional associations (notaries, bar associations, etc.). For example, in the case of Spanish notaries a centralised unit has been set up by the General Council of Notaries aimed at preventing and combating ML-FT by integrating and compiling information on transactions performed before all notaries and automating treatment of information (red flags, patterns, etc.).

[91]             For example in the case of the UK Law Society, which acts as a self-regulatory body, assistance provided to firms to meet their obligations. They are in the process of developing an AML/CFT toolkit to complement their AML/CFT practice note. Such toolkits issued by the Law Society in other areas generally retail for £60 and should be able to be tailored to the firm within a day. Using the same approach as above, the cost incurred would be £240 plus £60 i.e. £300. There are about 8,500 firms of between 1 to 4 partners giving a total cost of about £2.5m for that sector.

[92]             Reference Guide to Anti-Money Laundering and Combating the Financing of Terrorism Second Edition and Supplement on Special Recommendation IX, The World Bank/IMF, 2006.

[93]             Europe Economics: Study on the Cost of Compliance with Selected FSAP Measures, 5 January 2009.

[94]             This is further explored in Annexes V.7 and IX.

[95]             Official Journal of the European Union, C 115/1, 4.5.2010.

[96]             Commission Communication: "The EU Internal Security Strategy in Action: Five steps towards a more secure Europe", COM (2010)673 final.

[97]             Proposal for a Directive  on the freezing and confiscation of proceeds of crime in the European Union, COM(2012) 85 final

[98]             See the Commission's data protection proposals (COM(2012) 11 final) and (COM(2012) 10 final). http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

[99]             Reinforcing sanctioning regimes in the financial services sector (COM(2010) 716 final)

[100]            See "Anti-money laundering and terrorist financing measures and Financial Inclusion", FATF, June 2011

[101]            See two AMLC reports of 11 April 2012 on the implementation of the third AML Directive. The “Report on the legal, regulatory and supervisory implementation across EU Member States in relation to the Beneficial Owners Customer Due Diligence requirements” and the "Report on the legal and regulatory provisions and supervisory expectations across EU Member States of Simplified Due Diligence requirements where the customers are credit and financial institutions” provided an overview of the legal and supervision framework.

[102]            Such a study was commissioned in order to assess the application of the current  Directive : Final Study on the Application of the Anti-Money Laundering Directive, Deloitte, December 2010

[103]            Further explained in section III.4.1

[104]            These statistical indicators need to be treated with caution as they can also mean an increase in criminal activity or increased resources within the police, judicial or supervisory bodies.  

[105]            The two AMLC reports of 11 April 2012 above-mentioned sought to identify differences in the implementation of the Directive.

[106]            It will be important to set an appropriate timeframe for the production of such a report, as the period of 4 years following the adoption of the Third AMLD to evaluate the application of the Directive proved to be too short to obtain qualitative and quantitative information about the impact of the Directive in all areas concerned

[107]            The goal of the Egmont Group is to provide a forum for FIUs around the world to improve cooperation in the fight against money laundering and financing of terrorism and to foster the implementation of domestic programs in this field

[108]         In March 2012, the European Commission took steps to update this framework by adopting a proposal on the freezing and confiscation of proceeds of crime in the European Union. The proposal seeks to ensure that Member States have in place an efficient system to freeze, manage and confiscate criminal assets, backed by the necessary institutional setup, financial and human resources (see Proposal for a Directive  on the freezing and confiscation of proceeds of crime in the European Union, COM(2012) 85 final).

[109]            Article 3.5 of the Third AMLD sets out a range of serious crimes that are considered to be criminal activities, and includes a general provision with respect to all other offences which carry a punishment imprisonment based on a maximum/minimum threshold

[110]            Commission Communication: "The EU Internal Security Strategy in Action: Five steps towards a more secure Europe", COM (2010)673 final.

[111]            European Parliament Resolution of 15 September 2011 on the EU's efforts to combat corruption. It  called for rules to “make the fight against anonymous shell companies in secrecy jurisdictions (…) a key element of the upcoming reform of the Anti-Money Laundering Directive

[112]         In the case of express trusts, in accordance with the international standards, there should be a requirement to identify the settlor, trustee, protector, the beneficiaries or class of beneficiaries and any other natural person exercising ultimate effective control over the trust, and to hold that information.

[113]                     ISSN 1977-0375, Eurostat Methodologies and Working Papers, Cynthia Tavares, Geoffrey Thomas and Mickaël Roudaut, 2010 edition.

[114]         Commission's data protection proposals (COM(2012) 11 final) and (COM(2012) 10 final). http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

[115]         Opinion 14/2011on data protection issues related to the prevention of money laundering and terrorist financing, 01008/2011/EN, WP 186, 13 June 2011, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp186_en.pdf

[116]         The choice of a €7,500 threshold is explained by simply halving the existing threshold. 9 Member States currently apply thresholds below the existing €15,000 stipulated in the Directive, of which 4 Member States apply thresholds below €7,500. The expected impact on traders of a reduction of the threshold would not to increase costs, but rather to substantially reduce the number of transactions taking place using cash - to the advantage of other payment means (which may carry some additional costs – e.g. fees related to a credit card transaction). The impacts associated with the application of different thresholds (e.g. €10,000, €5,000) have (in the absence of available data) not been assessed, however it is reasonable to assume that they would not reveal significant differences with respect to the likely costs incurred by traders. There would however be different impacts on the number of cash payments, according to the chosen threshold.

[117]            See CRA International (2009), p.13. According to the KPMG survey of 2007, a range of European banks estimated that their AML compliance costs increased by 58% over the 2004-2007 period. This survey also predicts that costs will grow at a slower rate in the following years: indeed European banks expect these costs to increase by 27% between 2007 and 2010. This survey underlines the difficulty of estimating AML costs as they may be spread across many different functions (operations, compliance, risk) or regions, involve direct and indirect costs, and overlap with processes that are embedded in normal business practice (e.g. credit risk or customer relationship management). This survey does not make a distinction between one-off and on-going costs of compliance. See KPMG (2007), p.14 and seq.

[118]            Europe Economics (2009). The survey concentrated on firms from four sectors within the financial services industry in the EU: banks and financial conglomerates, asset managers, investment banks and financial markets. The six directives concerned are the so-called Prospectus Directive, the Financial Conglomerates Directive, the Capital Requirements Directive, the Transparency Directive, the Markets in Financial Instruments Directive – MiFID and the AML Directive. These measures were part of the Commission’s Financial Services Action Plan (FSAP) of 1999 (the so-called 3rd AML Directive of 2005 replaced in the meantime the precedent, second, AML Directive of 2001 which was the measure addressed in the FSAP).

[119]            Ibid., §2.14. For an explanation of the methodology of this study, see: section 2; the introductions to sections 4 and 5; as well as Appendix 1 of the final report.

[120]            Ibid., §15 and seq..

[121]            Source: Europe Economics (2009), tables 4.1, 4.2 and 4.3.

[122]            The middle value in a series of data points arranged sequentially. The sequence from which this median has been selected is based upon the estimated one-off costs of compliance expressed as a percentage of the relevant firm’s more recent operating expenditure.

[123]            Aggregate one-off costs of compliance expressed as a percentage of the relevant firms’ aggregated most recent operating expenditure. This implies that the experience of the larger firms will carry more weight in the sample presented.

[124]            Including other FSAP measures and other financial services regulation, whether EU, nationally or extra-territorially derived.

[125]            Ibid., §4.10. The study also provides further breakdowns of costs, per size and geographical origin. See §4.20 to 4.25 and 4.93 to 4.94.

[126]            Ibid., §4.12 in fine. The non-EU regulation costs are reflected in the study, on an aggregated basis, in the total costs.

[127]            Financial markets (e.g. stock exchanges operators) are not directly subject to the obligations of the AML Directive. But in order to allow for comparisons, their costs are also shown in Table IV.1.

[128]            Ibid., tables 4.1, 4.2 and 4.3. The impact of MiFID costs doubles those of the AML Directive, while CRD accounts for more than half of the total financial services regulatory compliance.

[129]            Ibid., §§4.14 to 4.17. This is also confirmed by the KPMG survey of 2007. See KPMG (2007), p.53.

[130]            See generally, Ibid., §§4.57 to 4.62, and §§4.106 to 4.107.

[131]            Ibid., §§4.58 and 4.59.

[132]            A different survey carried out in 2007 by a consultancy firm found that transaction monitoring is the single greatest area of AML expenditure for banks. See KPMG (2007), p.16 and 33.

[133]            Europe Economics (2009), §§4.57 and 4.60.

[134]            Respondent banks estimated the areas of greatest AML expenditure according to the following categories (the ranking is based on a maximum score of 5 for ‘very strong impact’ and a minimum score of 1 for ‘no impact’): enhanced transaction monitoring (4.1); greater provision of training (3.4); sanctions compliance (3.4); remediation of KYC documentation for existing customers (3.3); transaction ‘look-bank’ reviews (3.2); increased external reporting requirements 3.2); introduction of global procedures (3.0); more complex account-opening procedure (3.0); and increased internal reporting requirements (2.8). See KMPG (2007), p.16.

[135]            Europe Economics (2009), §4.62.

[136]            The study also provides further breakdowns of costs, per size and geographical origin. See §§5.12 to 5.17 and 5.62.

[137]            Financial markets (e.g. stock exchanges operators) are not directly subject to the obligations of the AML Directive. But in order to allow for comparisons, their costs are also shown in Table IV.4.

[138]            The middle value in a series of data points arranged sequentially. The sequence from which this median has been selected is based upon the estimated ongoing costs of compliance expressed as a percentage of the relevant firm’s more recent operating expenditure.

[139]            Aggregate ongoing costs of compliance expressed as a percentage of the relevant firms’ aggregated most recent annual operating expenditure. This implies that the experience of the larger firms will carry more weight in the sample presented.

[140]            Including other FSAP measures and other financial services regulation, whether EU, nationally or extra-territorially derived.

[141]            See generally, Ibid., §§5.34 to 5.40 and §5.69.

[142]            Interviewees in the study were not in agreement as to whether the AML Directive increased the intensity of training required — i.e. whether or not the duration of the training sessions increased or were rolled out to a broader set of employees. See Ibid. §5.36.

[143]            Some participants remain sceptical about e-learning generally. It is seen by such firms as a “quick fix”, in essence allowing maximum access to training for more people in less time. However, these firms considered it inevitable that it would require supplementation by more traditional (and more expensive) classroom-based approaches. See Ibid. §§5.37 and 5.38.

[144]         Statistics on Consolidated Banking Data, European Central Bank, reference end-June 2011 and end-June 2010

[145]            Source: "EU Banking Sector: The world’s largest banking system in the world’s largest economic space. Facts and Figures 2011/2012, European Banking ", European Banking Federation.

[146]            Source: The United States Attorney's Office, Southern District of Florida, Press Release, March 17th 2010

[147]             Source: European Central Bank,  Payments statistics - INSTITUTIONS OFFERING PAYMENT SERVICES TO NON-MFIS

[148]            According to the E-Money Association

[149]            Source: European Central Bank - payment and terminal transactions involving non-MFIs, total number of transactions: 5. E-money purchase transactions

[150]            Information retrieved from MasterCard comments to the Commission on the Third AML Directive.

[151]            European Commission, impact assessment accompanying the proposal for a Directive amending Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts: Annex 3 –Approved statutory auditors and audit firms, SEC(2011) 1384 final.

[152]            Source: Notaires d'Europe

[153]            Council of Bars and Law Societies of Europe, CCBE Brochure 2010, Nombre d'avocats dans les pays membres 2008.

[154]            Source  - meeting report with lawyers and notaries on 24 May 2012

[155]            Source European Casino Association response to the European Commission questions relating to the review of the third Anti Money Laundering Directive, 3 October 2011.

[156]            Source: Eurostat, Real estate, renting and leasing statistics - NACE Rev. 1.1, 2009 data

[157]            Source: FATF report: The misuse of corporate vehicles, including trust and company service providers (2006)

[158]            BE, DK, DE, GR, ES, FR, IE, IT, LU, NL, AT, PT, FI, SE, UK

[159]            Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism.

[160]            BG, CZ, EE, CY, LV, LT, HU, MT, PL, RO, SI, SK

[161]                            ISSN 1977-0375, Eurostat Methodologies and Working Papers, Cynthia Tavares, Geoffrey Thomas and Mickaël Roudaut, 2010 edition.

[162]            This research is funded by the European Commission's "Prevention of and Fight against Crime (ISEC) Programme (no. of the project JLS/2009/ISEC/AG/087)

[163]         Extract from the study by Consultants Deloitte on the application of the Anti-Money Laundering Directive, Section 3.16: Penalties, January 2011.

[164]           As of 1.1.2011, the amount will be set at 32.000 EUR.

[165] According to article 234 of the Penal Code.

[166] No publication possibilities were reported in Bulgaria, Czech Republic, Germany, Latvia, Slovenia

[167] Report on Cost Benefit of Transparency Requirements in the Company/Corporate Field and Banking Sector Relevant for the Fight Against Money Laundering and Other Financial Crime (2007), 103 (available at: http://transcrime.cs.unitn.it/tc/fso/publications/CBA-Study_Final_Report_revised_version.pdf) .

[168] A high level scan of recent FATF and Moneyval country reports and recent reports from FIUs was performed.

[169] Hungary (penalties imposed for an amount of 1 100 000 HUF in 2009), Slovakia (30 imposed penalties in 2009), Sweden (in 2008: 2 banks were sanctioned with a fine of 50 million SEK for major non-compliance, source FATF report Sweden 2010, p. 14) Poland (16.000 PLN in 2010), Romania (Non financial banking institutions – 200 000 RON; Companies – 50 000 RON, Real estate sector – 37 000 RON Auditors – 15.000 RON in the period 2009-2010).

[170]  Review of the Money Laundering Regulations: summary of the call for evidence (March 2010) – HM Treasury, p. 12