Country

Exports

Imports

Total

EU

1 791 534

1 727 125

3 518 659

China

170 484

350 424

520 909

United States

371 223

248 437

619 660

Japan

56 550

59 768

116 318

Product

Cash couriers / cross external border cash movements

General description of the sector and related product/activity concerned

This assessment covers the supranational risks – i.e. cash entering/leaving the European Union at the EU external borders.

The Cash Control Regulation establishes a uniform EU approach towards cash controls based on a mandatory declaration system. If a natural person entering or leaving the EU (including transiting) transports cash of a value of EUR 10 000 or more, he/she must declare these funds. The EUR 10 000 threshold is considered high enough not to burden the majority of travellers and traders with disproportionate administrative formalities. However, when there are indications of illegal activities linked with movements of cash lower than EUR 10 000, the collecting and recording of information related to these movements is also authorised. This provision was introduced in order to limit the practice of 'smurfing' or 'structuring', the practice of deliberately carrying amounts lower than the threshold with the intention to escape the obligation to declare (e.g. splitting the amount between different connected persons from a same group/family).

The Cash Control Regulation is aimed at aligning EU legislation with the requirements of the FATF's Recommendation 32 on cash couriers and with the highest global AML/CFT standards. The definition of cash in the Cash Control Regulation matches the definition used by the FATF for Recommendation 32 on cash couriers and includes:
¬Currency, i.e. banknotes and coins that are in circulation as a medium of exchange.
¬Bearer-negotiable instruments (BNI)

As the Cash Control Regulation mirrors the definition of 'cash' used in the supra-national standard (FATF recommendation 32), gold, precious metals or stones, electronic cash cards and casino chips are currently not included in the definition of cash.

Statistics: On average, 100 000 cash control declarations are submitted annually in the EU, representing a total amount declared between 60-70 billion Euro. While amounts of undeclared or incorrectly declared cash which have been detected by authorities are highly variable (240 Mio – 1.5 billion Euro/year), on average approximately 300 Mio Euro per year is detected following controls. Statistics show a sustained, high level of cash declarations over the years and also a significant increase in the number of recordings at the EU border in recent years. It is difficult to pinpoint the exact combination of reasons behind these trends based on the available data.

General comment (where relevant)

This risk scenario is intrinsically linked to use of/payment in cash and to high value denomination banknotes risk scenario.

Criminals or terrorist financiers who generate/accumulate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where one has easier access to placement in the legal economy.

The characteristics of such locations are a predominant use of cash, more lax supervision of the financial system or stronger bank secrecy regulations. It may also be used by terrorists to transfer rapidly and safely funds from one location to another, including by using cash concealed in air transit.

Cash couriers may use air, sea or rail transport to cross an EU external border. In addition, cash may be moved across external borders unaccompanied such as in containerised or other forms of cargo, or concealed in mail or post parcels. If perpetrators wish to move very large amounts of cash, often a valuable option is to conceal it in cargo that can be containerised or otherwise transported across borders.

Perpetrators may also use sophisticated concealment methods of cash within goods which are either carried across the external border by a courier or are sent by regular mail or post parcel services. Although unaccompanied consignments tend to be smaller than those secreted within vehicles, or on the person of cash couriers, the use of high denomination banknotes can still result in seizures of significant value.

Threat    

Terrorist financing

The assessment of the TF threat related to cash couriers/unaccompanied cash movements shows that terrorist groups have made use of various techniques to move physical cash across the external borders, particularly in the case of larger organisations.

This threat is particularly relevant for cash couriers from the EU to third countries. LEAs have seized large amounts of money in conflicts zones that was supposed to finance terrorist organisations. In addition, cases have been identified where (prospective) foreign terrorist fighters doubled as cash couriers to fund their travels and sojourn in conflict areas. These individuals typically carry lower amounts that are more difficult to detect and may not be subject to an obligation to declare incumbent on natural persons carrying EUR 10 000 Euro or more is cash. As it allows for anonymity, this modus operandi is perceived as attractive and fairly secure, despite still carrying some risks. That is the reason why this modus operandi shall also be considered in conjunction with the analysis of high denomination banknotes. The more high denomination banknotes are used, the easier the cash transportation is – although risks associated with acquiring high denomination notes (not readily available) may not outweigh the benefit of additional compactness. Cash transportation is a recurring modus operandi for terrorist groups in Syria / ISIL occupied territories – although the average amounts carried by a foreign fighter leaving the EU may not be significant compared to locally available funds.

The threat of cash transportation into the EU from a third country may also exist, in particular from countries exposed to TF risks or conflict areas (e.g. cash couriers from Syria, Gulf region, Russia into the EU have been reported). There are limited indications of high-value movements of cash into the Union (i.e. much in excess of the declaration threshold) for the purposes of terrorism financing. Cases have been identified concerning lower amounts and involving integration of cash amounts carried from third countries into the financial system/legal economy of the EU (analysed in a separate fiche).

From a perpetrator risk-management perspective, sending cash through post or freight consignments, using multiple consignments each containing lower amounts presents a theoretically attractive option as there is no courier physically crossing the external border carrying the cash who could be intercepted. While customs controls may take place, these do not allow for the capture of all relevant data.

Finally, perpetrators may also have an incentive to convert cash in other types of anonymous assets which are not subject to cash declarations (gold, prepaid cards - covered by separate fiche).

Conclusions: LEAs have gathered evidence that cash couriers are recurrently used by terrorist groups to finance their activities or fund FTF travels. Similarly to the analysis conducted on cash, the use by criminal elements or terrorist financiers of cash couriers present advantages since this modi operandi is easily accessible, with no specific planning or expertise required. In that context, the level of TF threat related to cash couriers is considered as very significant (level 4).

Money laundering

The assessment of the ML threat related to cash couriers presents some commonalities with TF threats. Organised crime organisations also recurrently make use of cash couriers for the same reasons: easily accessible, no expertise, no planning and low cost. This modus operandi is very attractive for organised crime since it offers an alternative vs. the use of the formal financial sector to move funds while allowing full anonymity. Numerous cases of suspicious cash transports have been reported by law enforcement authorities (either in connection with predicate offenses to money-laundering such as drug trafficking and other serious crimes or as separate incidents).

Similarly cases were reported for other types of cash-like instruments (gold, anonymous prepaid cards), which are outside the scope of this fiche (see separate fiches).

Since specific controls are focusing on physical transportation by natural persons, perpetrators may find sending cash by post/freight/shipping more attractive and more secure. There is anecdotal evidence that this modus operandi was used but the size of the problem is difficult to quantify (see IA on CCR revision).

Conclusions: the level of ML threat related to cash couriers is considered as very significant (level 4)

Vulnerability

Terrorism Financing

(a) risk exposure:

The assessment of the TF vulnerability related to cash couriers shows that due to the nature of cash, the use of cash couriers allows significant volumes of transactions/transportation to take place speedily and anonymously.

The cross-border aspect of this modus operandi increases the risk to involve geographical areas identified as high risks.

(b) risk awareness:

The legislation in place (mandatory cash declarations by natural persons at the external borders of the EU) has increased the risk awareness, at least as far as persons are concerned. Risk awareness exists for unaccompanied cash transportation – but is more limited.

(c) legal framework and controls:

There are controls in place through the mandatory declaration of cash transportation at the EU external borders (Cash Control Regulation). This legislation has increased the risk awareness, at least as far as natural persons are concerned. These cash declarations allow for easier detection of suspicious transactions and reporting to the FIUs (although shortcomings in information sharing exist).

Where unaccompanied cash is concerned (cash sent through consignments or parcels) the present legal framework relies mainly on customs controls, which do not allow the capture of all relevant data.

Conclusions: The risk exposure related to cash couriers by physical persons is intrinsically linked to the cash based activity (large volume, anonymity, speediness) - which is exacerbated by the fact that –especially within a terrorism context- the individual couriers often carry amounts below the declarative threshold. While the volume of cash couriers may be more important than for unaccompanied shipping, risk awareness and controls are in place.

The use of cash couriers or methods to ship in/out of the EU unaccompanied cash coupled with the anonymity of cash and (at least with respect to unaccompanied cash) an imperfect control mechanism presents a significant challenge. While the volume of unaccompanied cash shipped in/out the EU is probably lower than for accompanied cash couriers, the risk awareness and controls of the latter pose a greater challenge.

In that context, the level of TF vulnerability related to cash couriers by natural persons is considered as significant (level 3). The level of TF vulnerability related to post/freight is considered as very significant considering the controls/legal framework in place, more than the inherent risk exposure (level 4).

Money Laundering

(a) risk exposure

The assessment of the ML vulnerability related to cash couriers shows that the risk exposure is intrinsically linked to the cash based activity (anonymity, speediness). Hence the risk exposure is particularly important for this modus operandi.

(b) risk awareness

The legislation in place (mandatory cash declarations at the external borders for cash carried by natural persons) has increased the risk awareness, at least as far as persons are concerned.

Risk awareness exists for unaccompanied physical cash transportation – but is more limited with regard to shipping/freight/couriers.

(c) legal framework and controls

Similarly to TF, there are controls in place through the mandatory declaration of cash transportation at the EU external borders (Cash Control Regulation) by natural persons.

These cash declarations allow an easier detection of suspicious transactions and are reported to the FIUs (although shortcomings in information sharing exist and enforcement in application may also vary between Member States).

Where unaccompanied cash is concerned (cash sent through consignments or parcels) the present legal framework relies mainly on customs controls, which do not allow the capture of all relevant data.

Conclusions: The risk exposure related to cash couriers by physical persons is intrinsically linked to the cash based activity (large volume, anonymity, speediness). While the volume of cash couriers may be more important, the risk awareness and the controls in place exist. The use of cash couriers or methods to ship in/out of the EU unaccompanied cash coupled with the anonymity of cash and (at least with respect to unaccompanied cash) an imperfect control mechanism presents a significant challenge. While the volume of unaccompanied cash shipped in/out the EU is probably lower than for accompanied cash couriers, the risk awareness and controls in place pose a greater challenge. In that context, the level of ML vulnerability related to cash couriers by natural persons is considered as significant (level 3) and by post/freight is considered as very significant (level 4).

Mitigating measures

The Commission will present a legislative proposal revising the cash control Regulation to further mitigate those risks. In order to provide competent authorities with adequate tools, the proposal intends to:

·Enable authorities to act on amounts lower than the declaration threshold of EUR10 000, where there are suspicions of criminal activity,

·Improve the exchange of information between authorities and Member States;

·Enable competent authorities to demand disclosure for cash sent in unaccompanied consignments such as cash sent in postal parcels or freight shipments;

·Extend the definition of 'cash' to also include precious commodities acting as highly liquid stores of value such as gold, and to prepaid payment cards which are currently not covered by the standard cash control declaration.

Product

Cash intensive business

Sector

sectors of bars, restaurants, constructions companies, motor vehicle retailers, car washes, art and antique dealers, auction houses, pawnshops, jewelleries, textile retail, liquor and tobacco stores, retail/night shops, gambling services

General description of the sector and related product/activity concerned

An interesting description of the use of cash has been described by the European Central Bank in its report Consumer cash usage. A cross-country comparison with payment diary survey data (ECB Working Paper Series, no 1685, 2014) < https://www.ecb.europa.eu/pub/pdf/scpwps/ecbwp1685.pdf >

Concerning cash limitations, 12 Member States (Germany, Estonia, Ireland, Cyprus, Lithuania, Luxembourg, Malta, Netherlands, Austria, Finland, Sweden, United Kingdom) do not have any restrictions on cash payments. In most countries, large value cash payments triggered obligations under the anti-money laundering provisions of the Directive or national legislation – along the following lines:

(the previous chart ignores the absence of restriction for non-business transactions between private persons)

The following general observations can be made:

·Limitations typically apply to transactions in both national and foreign currencies, the limit being in such case the equivalent of the national limit in that currency.

·Limitations apply to single payments exceeding the thresholds, but legislations often consider that multiple payments connected to a single operation should be considered as one.

·Limitations always concern at least businesses and transactions between businesses and customers. Non-business transactions between natural persons are often not concerned by the limitation (BE, DK, GR, ES, FR, HR, LV, HU, PL, PT).

·Limitations typically apply to transactions in cash (i.e. banknotes). Some national legislations extend explicitly the limitations to bearer instruments (ES, IT)

Description of the risk scenario

Cash intensive business is used by perpetrators:

- to launder large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities;

- to launder amounts of cash, which are proceeds of criminal activity, by justifying its origin based on fictitious economic activities (both for goods and services)

- to finance, through often small amounts of cash, terrorist activities without any traceability

General comment (where relevant)

This risk scenario is intrinsically linked to use of/payment in cash and to high value denomination banknotes risk scenario.

Threat    

Terrorist financing

The assessment of the TF threat related to cash intensive business shows that cash intensive businesses are generally run by individuals through bars, restaurants, phone shops but are managed by a network of persons forming a terrorist organisation. In general, they are used to get clean cash in a speedy way (e.g. selling cars or jewelleries). However, this risk scenario is not used equally by all terrorist organisations (never seen for Daesh for instance) and not largely widespread as it requires capabilities to run the business.

Conclusions: the elements gathered by the LEAs and FIUs show only few cases have been registered meaning that terrorist groups do not favour this risk scenario as it requires some technical expertise and investments to run the business in itself which makes this modus operandi less attractive. However, since this risk is not only hypothetical and that sleeper cells are active in cash intensive businesses, the level of TF threat related to cash intensive business is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to cash intensive business shows that this modus operandi is exploited by criminals as it represents a viable option which is rather attractive and secure. It constitutes the easiest way to hide illegitimate proceeds of crime. However, as for TF, it requires a moderate level of expertise to be able to run the business and to escape detection.

Conclusions: cash intensive businesses are favoured by criminal organisations to launder proceeds of crime. As it requires some level of expertise to run the business, the level of ML threat related to cash intensive business is considered as significant (level 3).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to cash intensive business shows that the main factors are linked to the risk posed by cash.

(a) risk exposure

While cash intensive business is less attractive to terrorist organisations than to criminals (see threat assessment below), when they are used by terrorists they present some vulnerabilities because the underlying risk is the one related to cash. The vulnerability assessment of TF related to cash intensive business is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Cash intensive businesses allow the processing of a huge number of anonymous transactions which require no management of new technologies and tracking tools. Hence it has a high inherent risk exposure.

(b) risk awareness

The risk awareness appears to be quite low because, even if large sums of cash can be obtained from cash intensive business, some FIUs notice that terrorist organisations seem to prefer lower denomination banknotes which are less easy to be considered as suspicious by obliged entities and LEAs.

(c) legal framework and controls in place

The legal frameworks in place related to cash payment limitations that some Member States have introduced. This framework varies a lot from one Member State to another concerning cash controls and cash payment limitations and, thus, controls can potentially be inexistent.

Conclusions: the vulnerability of cash intensive business is intrinsically linked to the vulnerabilities related to the use of cash in general. The variety of legal frameworks in place, the widespread use of cash in EU economies and the fact that the sector seems being not aware of this risk, the level of TF vulnerability related to cash intensive business is considered as very significant (level 4).

Money laundering

The assessment of the ML vulnerability related to cash intensive business shows that the main factors are linked to the risk posed by cash.

(a) risk exposure

The vulnerability assessment of ML related to cash intensive business is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rational. Cash intensive businesses allow the processing of a huge number of anonymous transactions which require no management of new technologies and tracking tools. This risk exposure concerns cash payments both for goods and services. Hence it has a high inherent risk exposure.

(b) risk awareness

Obliged entities are usually aware about the risk posed by cash – although controls are not easy to implement. However, for other professions not submitted to AML/CFT obligations, risk awareness remains a challenge.

(c) legal framework and controls in place

There is no uniform level of controls at EU level, for instance through common rules on cash limitations or cash transactions reports.

The vulnerability of the sector is affected by the existence, or lack thereof, of rules relating to cash payment limitations:

·where cash limitation rules exist, ML vulnerabilities related to cash intensive business have been more easily mitigated thanks to the legal requirements which allow the refusal of cash payments above a certain threshold. In these cases, controls are in place and allow detecting red flags and suspicious transactions more easily. In addition, these cash payment thresholds are perceived by the sector and by LEAs as more efficient and, eventually, less burdensome than imposing customer due diligence measures. However, these legal businesses can also hide shadow and illicit activities which are able to circumvent the cash limitations.

·where cash limitations rules do not exist, and whilst the risk awareness is quite high, the sector does not know how to manage the risks. It has no tools to control and detect suspicions transactions. The result is that the number of STRs is rather low, or even inexistent.

Some Member States have introduced cash transaction reports to be declared for cash operations over a certain threshold. However, there is no common approach at EU level.

From an internal market perspective, the differences between Member States legislations on cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing in cash intensive business in another Member States having lower/no control on cash limitation. The existence of cash payments limitations in some Member States, and their absence in other Member States, creates the possibility to bypass the restrictions by moving to the Member States where there are no restrictions, whilst still conducting their terrorist or other illegal activities in the 'stricter' Member State.

The 3rd AML Directive provides that high value dealers accepting payment in cash beyond EUR 15 000 are subject to AML/CFT rules and have to apply CDD requirements. This obligation applies to any persons trading in goods when the payment is made in cash beyond EUR 15 000 – but it does not cover services. However, the effectiveness of those measures is still limited given the number of STRs. The volume of STR reporting is generally low because cash transactions are difficult to detect, there is not much available information and dealers may lose their clients to the benefit of competitors applying looser controls. In addition, it may be difficult for a trader in high value goods to design an AML/CFT policy in the limited events where a cash transaction beyond the threshold takes place (i.e. it is not the sector in itself which is covered by AML/CFT regime – but only high value dealers faced with cash transactions beyond a threshold). For this reason, some Member States have extended the scope to cover certain sectors regardless of the use of cash. Some Member States have also decided to apply a general cash restriction regime at this threshold to reduce the risk of ineffective or cumbersome application of CDD rules by high value dealers. However, it does not mitigate situations of cash intensive business which are based on lower amount cash transactions – or a repeated number of low amount cash transactions.

In addition, cash intensive businesses are inherently risky because there are no rules dealing with fit and proper testing of these businesses' managers. Some cash intensive businesses are more vulnerable than others because they may give rise to cash exchange more easily (motor retails or pawnshops).

Conclusions: the risk exposure to ML of cash intensive businesses is influenced by the existence of legal cash limitations which are efficient to mitigate the risks but are not always sufficient. In a cross-border context, the variety of regulations on cash payments constitutes also a factor of vulnerabilities. When no rules are in place, the risk awareness of the sector is quite low, leading to few STRs to FIUs. Investigative capacities from LEAs are then quite limited. In light of this, the level of ML vulnerabilities related to cash intensive businesses is considered as very significant (level 4).

Mitigating measures

·The Commission examines launching an initiative to swiftly reinforce the EU framework on the prevention of terrorism financing by enhancing transparency of cash payments through an introduction of a restriction of cash payments or by any other appropriate means. Organised crime and terrorism financing rely on cash for payments for carrying out their illegal activities and benefitting from them. By restricting the possibilities to use cash, the proposal would contribute to disrupt the financing of terrorism, as the need to use non anonymous means of payment would either deter the activity or contribute to its easier detection and investigation. Any such proposal would also aim at harmonising restrictions across the Union, thus creating a level playing field for businesses and removing distortions of competition in the internal market. It would additionally foster the fight against money laundering, tax fraud and organised crime.

·The Commission will continue to monitor the application of AML/CFT obligations by dealers in goods covered by the AMLD and further assess risks posed by providers of services accepting cash payments. It will further assess the added value and benefit for making additional sectors subject to AML/CFT rules.

·Member States should take into account in their national risk assessments the risks posed by payment in cash in order to define appropriate mitigating measures such as the introduction of cash limits for payments, Cash Transaction Reporting systems, or any other measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

Product

High value banknotes

Sector

/

General description of the sector and related product/activity concerned

In spite of steady growth in non-cash payment methods and a moderate decline in the use of cash for payments, the total value of euro banknotes in circulation continues to rise year-on-year beyond the rate of inflation. Cash is largely used for low value payments and its use for transaction purposes is estimated to account for around one-third of banknotes in circulation. Meanwhile the demand for high denomination notes, such as the EUR 500 note, not commonly associated with payments, has been sustained. These are anomalies which may be linked to criminal activity.

Perhaps the most significant finding around cash is that there is insufficient information around its use, both for legitimate and illicit purposes. The nature of cash and the nature of criminal finances mean that there is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

One of the few reliable figures available, that of the volume and value of bank notes issued and in circulation in the EU, leaves open questions around the use to which a large proportion of cash in issuance is put, especially when considering the EUR 500 note. From a total of approximately EUR 1 trillion banknotes in circulation as of end-2014, the use of a significant proportion of these remains unknown. Furthermore, the EUR 500 note alone accounts for over 30% of the value of all banknotes in circulation, despite it not being a common means of payment. Although it has been suggested that these notes are used for hoarding, this assumption is not proven. Even if this is the case, the nature of the cash being hoarded (criminal or legitimate) is unknown.

Description of the risk scenario

Perpetrators use high value denominations, such as EUR 500 banknotes, to make the cash transportation easier (the larger the denomination, the more funds can be shrunk to take up less space).

General comment (if relevant)

This risk scenario is intrinsically linked to use of/payment in cash and to cash intensive business risk scenario

Threat    

Terrorist financing

The assessment of the TF threat related to high value denomination banknotes shows that terrorist groups are not really keen in using high value denominations. They are not necessarily easy to access and, given that they can be detected quite easily they are not attractive for terrorist groups whose first objective is to get cash as quickly as possible. For sake of discretion, terrorist groups tend to favour low denominations banknotes. LEAs have detected few cases which tend to demonstrate that the intent and capability are not really significant.

Conclusions: in that context, the level of TF threat related to high value denominations banknotes is considered as moderately significant (level 2)

Money laundering

The assessment of the ML threat related to high value denomination banknotes shows that they are recurrently exploited by criminal organisations to launder proceed of crime. The risk related to high value banknotes is not limited to EUR 500 and as long as long large sums in cash are gathered they are considered as attractive by criminal organisations. It does not require any major planning or complex operation – i.e. perpetrators have the technical skills to easily use this product. It remains a "low cost" operation and allows storing of large amounts in very small volumes – which makes it very attractive for organised crime. It has been reported by LEAs that some criminal groups seek EUR 500 banknotes by paying a premium in order to get access to those large denominations; this demonstrates its attractiveness.

Conclusions: banknotes (EUR 500 but not only) are used recurrently by criminal organisations. This modus operandi is widely accessible and available at low cost. For ML purposes, it's quite easy to abuse and requires no specific planning or knowledge. In that context, the level of ML threat related to high value denomination banknotes is considered as very significant (level 4)

Vulnerability

Terrorist financing

The assessment of TF vulnerability related to high value denomination banknotes shows that this product is as vulnerable for TF as for ML for the following reasons:

(a) risk exposure

Large volume of high value denominations is in circulation, despite low use in commercial transactions. Cash still allows carrying transactions in an expedited, anonymous, and untraceable way.

(b) risk awareness

Especially LEAs and FIUs have high risk awareness, as do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially Europol reports, point to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

(c) legal framework and controls in place

Even if terrorist groups are less attracted to high value denomination banknotes, detection is quite difficult because there is no EU harmonisation concerning the legal framework related to the use of high value denomination banknotes. Controls are uneven; reports to FIUs are rather few, and most of the time they cannot distinguish between ML and TF. The use of high value denomination banknotes for ML purposes may be impacted by the ECB decision to gradually phase out EUR 500 (may 2016) because of the recognised links with criminal activities. However, the return rate is generally quite low and these banknotes may be still in use for a long time. Therefore, this cannot be seen as an immediate mitigation measure.

Conclusions: from a vulnerability point of view, risk exposure is high, level of awareness is low and controls in place are not harmonised which create potential loopholes when cross-border transactions are at stake. In light of this, the level of TF vulnerability related to high value denomination banknotes is considered as very significant (level 4).

Money laundering

The assessment of ML vulnerability related to high value denomination banknotes shows the following features:

(a) risk exposure

High value denominations allow the storing/putting into circulation of large volumes of cash in a speedy and anonymous way. A large volume of high value denominations is in circulation, despite the low level of use in commercial transactions. Even if the use of high value denominations raises red flags, it remains that these denominations are not necessarily used for payments but rather to move funds. Large amounts can be stored in very small volumes. They are less easy to detect by FIUs and obliged entities.

(b) risk awareness

Especially LEAs and FIUs have high risk awareness, as do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially Europol reports, point to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

(c) legal framework and controls in place

The use of high value denomination banknotes for ML purposes may be impacted by the ECB decision to gradually phase out EUR 500 (May 2016) because of the recognised links with criminal activities. The issuance of the EUR 500 will be stopped around the end of 2018. However, the return rate is generally quite low and these banknotes may be still in use for a long time. The EUR 500 will remain legal tender and can therefore continue to be used as a means of payment and store of value. Therefore, this cannot be seen as an immediate mitigation measure.

Conclusions: similarly to the outcomes of the assessment of the TF vulnerability related to high value denomination banknotes, the ML vulnerability related to these products is considered as very significant (level 4).

Mitigating measures

·Monitoring of the return rate of EUR 500 banknotes will be conducted as well as an assessment of the evolution of the usage of the EUR 200 banknote.

Product

Payments in cash

Sector

/

General description of the sector and related product/activity concerned

Certain studies suggest that cash transactions have been moderately declining at a rate of between 1.3 – 3.3% per year7. This appears to correspond with available information around the growth of non-cash payment methods (an increase of about 4.2% for Europe8) and information on EU citizens’ access to banking services (around 89% of adults have bank accounts compared to just 41% in the developing world)9. However payments in cash are still widespread; according to ECB data, 87% of all transactions below EUR 20 are still made in cash.

7 http://www.richmondfed.org/publications/research/working_papers/2014/

pdf/wp14-09.pdf

8 http://www.ecb.europa.eu/press/pr/date/2013/html/pr130910.en.html

9 http://elibrary.worldbank.org/doi/pdf/10.1596/1813-9450-6025

Description of the risk scenario

Perpetrators frequently need to use a significant portion of the cash that they have acquired to pay for the illicit goods they have sold, to purchase further consignments, or to pay the various expenses incurred in transporting the merchandise to where it is required. Despite the advantages and disadvantages of dealing in cash (detailed earlier in this report) for criminal groups, there is often little choice. The criminal economy is still overwhelmingly cash based. This means that, whether they like it or not, perpetrators selling some form of illicit product are likely to be paid in cash. The more successful the perpetrators are and the more of the commodity they sell, the more cash they will generate. This can cause perpetrators significant problems in using, storing and disposing of their proceeds. Yet despite these problems, cash is perceived to confer some significant benefits on them.

In addition, the objective of criminals is to launder large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities. They may launder amounts of cash, which are proceeds of criminal activity, by justifying its origin based on fictitious economic activities (both for goods and services). Terrorists may finance, through often small amounts of cash, terrorist activities without any traceability (see general description under cash intensive business).

General comment (where relevant)

This risk scenario is intrinsically linked to cash intensive business and high value denomination banknotes risk scenario.

Threat    

Terrorist financing

The assessment of the TF threat related to payments in cash shows that terrorist groups use recurrently cash, as this modus operandi is widely accessible and low cost. Cash is at the basis of all illicit trafficking and illicit purchase of products. In general, cash is really attractive, difficult (even impossible) to detect and does not require specific expertise to be used.

Conclusions: based on the feedback from LEA and FIUs, the level of TF threat is considered as very significant (level 4).

Money laundering

The assessment of the ML threat related to payments in cash is considered as similar to the assessment of TF threat. For ML, cash is also the preferred option for criminals, which allows hiding illicit proceeds of crime easily and moving funds rapidly, including cross-border. As for TF, it does not require specific expertise, knowledge or planning capacities.

Conclusions: based on the feedback from LEA and FIUs, the level of ML threat is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of TF vulnerability related to payments in cash shows the following features:

(a) risk exposure

Cash payments allow speedy and anonymous transactions. The level of risk exposure is very high considering that large sums can also be moved across borders and may involve high risk customers and/or geographical areas.

(b) risk awareness

Especially LEAs and FIUs have high risk awareness, and so do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially a Europol report, points to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

(c) legal framework and controls in place

While cash payment limitations may allow a mitigation of the level of vulnerability, legal frameworks in place related to cash payment limitations vary a lot from one Member State to another and, therefore, controls can potentially be inexistent. From an internal market perspective, the differences between Member States legislations on cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing cash intensive business in another Member States having lower/no control on cash limitation.

The 3rd AML Directive provides that high value dealers accepting payment in cash beyond EUR 15 000 are subject to AML/CFT rules and have to apply CDD requirements. This obligation applies to any persons trading in goods when the payment is made in cash beyond EUR 15 000 – but it does not cover services. However, the effectiveness of those measures is still limited considering the number of STRs. The volume of STR reporting is generally low because cash transactions are difficult to detect, there are few available information and dealers may lose their clients for the benefit of competitors applying looser controls. For those Member States who have put in place CTR, most of the time they are not connected to any STR and the analysis cannot be conducted (for instance, large sums withdrawn from an ATM will trigger CTR but no specific suspicion is related to that and the FIU cannot launch any investigation).

In addition, it may be difficult for a trader in high value goods to design an AML/CFT policy in the limited events where a cash transaction beyond the threshold takes place (i.e. it is not the sector in itself which is covered by AML/CFT regime – but only high value dealers faced with cash transactions beyond a threshold). For this reason, some Member States have extended the scope to cover certain sectors regardless of the use of cash. Some Member States have also decided to apply a general cash restriction regime at this threshold to reduce the risk of ineffective or cumbersome application of CDD rules by high value dealers. However, it does not mitigate situations of cash intensive business which are based on lower amount cash transactions – or a repeated number of low amount cash transactions.

In any case, some competent authorities consider that even when cash payment limitations exist, enforcement of these limitations is very challenging and may limit their impact on TF activities.

Conclusions: considering that cash payments may engage large transactions speedily and anonymously, including cross-border, that all sectors may potentially be exposed to cash payments and even if they are aware that these payments present some risks are not equipped to mitigate them (either because no framework/controls in place, or because enforcement of the controls is not efficient), the level of TF vulnerability related to payments in cash is considered as very significant (level 4). 

Money laundering

The assessment of ML vulnerability related to payments in cash shows the following features:

(a) risk exposure

The sector shows the same vulnerability to TF as to ML. As for TF, cash payments allow speedy and anonymous transactions to launder proceeds of ML crime. The level of risk exposure is very high considering that large sums can also be moved across borders and may involve high risk customers and/or geographical areas.

(b) risk awareness

Especially LEAs and FIUs have high risk awareness, and so do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially the Europol report, points to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

(c) legal framework and controls in place

While cash payment limitations may allow mitigating the level of vulnerability, legal frameworks in place related to cash payment limitations vary a lot from one Member State to another and, therefore, controls can potentially be inexistent. From an internal market perspective, the differences of Member States legislation in cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing cash intensive business in another Member States having lower/no control on cash limitation.

The volume of reporting is very low because cash transactions are difficult to detect. For those Member States who have put in place CTR, most of the time they are not connected to any STR and the analysis cannot be conducted (for instance, large sums withdrawn from an ATM will trigger CTR but no specific suspicion is related to that and the FIU cannot trigger any investigation).

In any case, some competent authorities consider that even when cash payment limitations exist, enforcement of these limitations is really challenging and may limit their impact on ML activities.

Conclusions: considering that cash payments may engage large transactions speedily and anonymously, including across border, that all sectors may potentially be exposed to cash payments and even if they are aware that these payments present some risks are not equipped to mitigate them (either because no framework/controls in place, or because enforcement of the controls is not efficient), the level of ML vulnerability related to payments in cash is considered as very significant (level 4). 

Mitigating measures

·The Commission examines launching an initiative to swiftly reinforce the EU framework on the prevention of terrorism financing by enhancing transparency of cash payments through an introduction of a restriction of cash payments or by any other appropriate means. Organised crime and terrorism financing rely on cash payments for carrying out their illegal activities and benefitting from them. By restricting the possibilities to use cash, the proposal would contribute to disrupt the financing of terrorism, as the need to use non anonymous means of payment would either deter the activity or contribute to its easier detection and investigation. Any such proposal would also aim at harmonising restrictions across the Union, thus creating a level playing field for businesses and removing distortions of competition in the internal market. It would additionally foster the fight against money laundering, tax fraud and organised crime.

·The Commission will continue to monitor the application of AML/CFT obligations by dealers in goods covered by the AMLD and further assess risks posed by providers of services accepting cash payments. It will further assess the added value and benefit for making additional sectors subject to AML/CFT rules.

·Member States should take into account in their national risk assessments the risks posed by payment in cash in order to define appropriate mitigating measures such as the introduction of cash limits for payments, Cash Transaction Reporting systems, or any other measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

Product

Deposits on accounts

Sector

Credit and financial institutions

General description of the sector and related product/activity concerned

As far as trends are concerned, according to data from the European Banking Federation 1 since 1998, the total stock of deposits in the EU contracted slightly, by 2.4% in 2013, but returned to a pattern of growth in 2014 (+0.2%). While the contraction in 2013 was generated in the euro area, the rise from 2014 onwards is only attributable to the euro area countries where bank deposits expanded by EUR171.3 billion or 1.0%. At the same time, non-euro area EU countries’ deposits contracted by EUR127.9 billion or 2.4%. In total, the 76.7% of all EU deposits are held by banks headquartered in the euro area. This share has changed very marginally in the last few years.

Description of the risk scenario

Perpetrators place the proceeds of crime into the financial system through the regulated credit and financial sector in order to hide its illegitimate origin. Terrorists, supporters or facilitators place funds from legitimate sources into the financial system with a view of using it for terrorist purposes.

Money mules mechanisms may be used to transfer proceeds out of the banking sector using personal accounts either through cybercrime (scamming, fake banking websites etc.), money value transfer services.

Threat    

Terrorist financing

The assessment of the TF threat related to deposits on account /retail banking shows that this risk scenario concerns both placing funds and withdrawing funds (i.e. deposits on account and use of this account).

It is frequently used by terrorists but also by relatives/friends and this extends the scope of the intent and capability analysis. Furthermore, law enforcement authorities have reported the use of forged or stolen documents by terrorists to open bank accounts. According to information from competent authorities, foreign terrorist fighters are generally withdrawing bank accounts' deposits through ATMs located in high risk third countries or conflict zones in general or in bordering countries. Terrorists outside conflict zones also withdraw funds through ATMs in order to pay in cash some of the expenses related to their operations. The source of the funds deposited on bank accounts may come from both legitimate and non-legitimate origins.

In general, this modus operandi is easily accessible especially when legitimate funds are used, and thus they do not trigger any suspicion when the bank account is opened. It appears that terrorist groups do not have specific challenges in hiding the real beneficiary of the funds or the exact purpose of the transaction (destination of funds) given that they may still include family members or relatives in the ownership chain. Concerning cash withdrawals, it may be more challenging if the terrorist organisation cannot access ATM-related to banks in conflict zones. It requires at least basic planning and basic knowledge of how banking systems work. At the same time, once executed, cash withdrawals allow cross-border movements which make this risk scenario rather attractive.

Conclusions: terrorists groups use rather frequently this easily accessible modus operandi, although it requires some basic knowledge and planning capabilities to ensure that funds deposited are legitimate. The identity of the beneficiary of funds can be hidden. This modus operandi is rather attractive for terrorist groups. In that context, the level of TF threat related to deposits on accounts is considered as significant/very significant (level 3/4)

Money laundering

The assessment of the ML threat related to deposits on account /retail banking shows that this risk scenario concerns both placing funds and withdrawing funds (i.e. deposits on account and use of this account).

It is frequently used by organised crime organisations but also by relatives/close associates which extends the scope of the intent and capability analysis. Law enforcement authorities reported a frequent use of this modus operandi since it one of the easiest way to integrate illicit funds into the financial system. It does not require planning and knowledge of how banking systems work, and it is low cost. Also complex money laundering cases were reported with funds deposited on accounts transiting via a chain of complex operations. For such complex schemes, perpetrators may use available expertise from intermediaries.

Conclusions: the level of ML threat related to deposits on account is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to deposits on account /retail banking shows that as far as the placement and withdrawing of funds is concerned:

(a) risk exposure:

Deposits on accounts represent, by definition, high volumes of products where, in the case of cash, the origin of funds cannot be always traced. When traced through electronic payments, the origin of funds might be legitimate. In such case, the use made by those funds may trigger a link to terrorist activities. When used by terrorist organisations, funds may come from high risk third countries.

(b) risk awareness:

The risk awareness of credit and financial institutions is quite good due to the fact that the sector has put in place guidance to detect the relevant red flags on TF. While the sector is inherently highly exposed to TF risks, it has the adequate tools to detect these risks. This is confirmed by a good level of reporting. However, CDD and risk indicators are not always sufficient to detect a link to terrorist activities due to the legitimate origin of the funds. FIUs and LEAs are also well aware about the vulnerabilities of the sector and are proactively engaged with the sector. This is confirmed by the typology project launched by the Egmont group on ISIL. Nevertheless, some weaknesses remain in the supervision aspects.

(c) legal framework and controls

Retail banking services/deposits on accounts (including from cash) are covered by the AML/CFT framework since the first AML/CFT legislation at EU level in 1991. Controls in place are generally considered as efficient. Obliged entities are applying CDD measures including monitoring and reporting of STRs in an effective way. It is nevertheless important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: although the risk exposure may be considered as quite high (significant level of transactions), the sector shows a good level of awareness to the risk vulnerability and is able to put in place the relevant red flags. The legal framework and controls are the basis of a good level of reporting. In that context, the level of TF vulnerability related to deposits on accounts/retail banking is considered as moderately significant (level 2).

Money laundering

The assessment of the ML vulnerability related to deposits on account /retail banking shows that it shares the same features as the TF vulnerability assessment.

(a) risk exposure:

Deposits on accounts represent, by definition, high volumes of products where in the case of cash, the origin of funds cannot be always traced. While rather common practice for credit and financial institutions, deposits represent a high number of operations that may involve different kind of customers (some may present factors of high risks, either because they are politically exposed persons or because they are based in areas identified as high risks).

(b) risk awareness:

The risk awareness is quite good due to the fact that the sector has put in place guidance to detect the relevant red flags on ML. While the sector is inherently highly exposed to ML risks, it has adequate tools to detect these risks. This is confirmed by a good level of reporting. FIUs and LEAs are also well aware about the vulnerabilities of the sector and are proactively engaged with the sector. Nevertheless, some weaknesses remain in the supervision aspects.

(c) legal framework and controls

Retail banking services provided by financial institutions and cash deposits to credit institutions are covered by the AML/CFT framework since the first AML/CFT legislation at EU level in 1991. Controls in place are considered as efficient. It is nevertheless important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: similarly to what has been analysed under the TF vulnerability part, deposits on accounts are less exposed to ML risks due to the good functioning of the controls and a good level of awareness from the sector. In that context, the level of ML vulnerability related to deposit on accounts/retail banking is considered as moderately significant (level 2).

Mitigating measures

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements.

·The Commission will launch further analysis in order to identify risks and opportunities in FinTech/RegTech. The Commission FinTech Task Force will assess technological developments, technology enabled services and business models, will determine whether existing rules and policies are fit for purpose and will identify options and proposals to harness opportunities or address possible risks. .

·The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed.

·The ESAs should provide updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in financial institutions s. The Commission services will further analyse whether those guidelines allow a sufficient reinforcement of the position of the AML/CFT – compliance officer.

Product

Deposits on accounts

Sector

Credit institutions - Institutional investment

General description of the sector and related product/activity concerned

The EU asset management sector is composed of two pillars that are complementing each other. The first pillar comprises the mutual fund industry, the so-called UCITS funds (EUR8 tr of assets under management). The second pillar includes alternative investment funds such as hedge funds, private equity, venture capital or real estate funds (EUR3 tr of assets under management).

Description of the risk scenario

Perpetrators are using institutional investors to invest in shares for integration of proceeds, title of shares to conceal beneficial ownership, frauds for predicate offence (e.g. insider dealing); brokerage accounts; investment to justify criminal proceeds as profit; predicate investment fraud. Placement of proceeds by using specialised, high-return financial services.

General comments

This risk scenario should be linked to the one related to institutional investment provided by brokers. It has been considered that as far as the ML vulnerability is concerned, the level of risk is higher for brokers.

Threat    

Terrorist financing

The assessment of the TF threat related to institutional investment- banks (securities, asset management, and investment) has been considered in conjunction with ML schemes related to institutional investment in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in light of this, the assessment of the TF threat related to institutional investment through banks is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to institutional investment- banks (securities, asset management, and investment) shows that criminal organisations do not favour this kind of risk scenario. Although large amount of funds can be gathered through this process, it is not easy to access, not financially viable (depends on the quality of investment) and in any case, it requires knowledge and technical expertise. It is very close to wealth management financial services. However, perpetrators may have increased intention to use this modus operandi when they can rely on more complex planning carried out by facilitators for this type of services.

Conclusions: in that context, the assessment of the ML threat related to institutional investment through banks is considered as moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to institutional investment - banks (securities, asset management, and investment) has been considered in conjunction with ML schemes related to institutional investment. In that context, the TF vulnerability does not benefit from a separate assessment.

Conclusion: in light of this, the assessment of the TF vulnerability related to institutional investment through banks is considered as moderately significant (level 2).

Money laundering

The assessment of the ML vulnerability related to institutional investment - banks (securities, asset management, and investment) shows that:

(a) risk exposure:

The inherent risk is potentially high due to the nature of customers. This sector is mostly exposed to high risk customers including PEPs. The volume of transactions concerned is significant, also in term of amounts with a high level of cross-border transactions.

(b) risk awareness:

According to FIUs, the level of STRs is quite low in respect to the volume of transactions concerned. At the same time, financial transactions concerned are more complex and the suspicious ones are probably less easy to detect by obliged entities. The fact that the service is provided by a credit institution limits the vulnerabilities given that credit institutions are obliged to fulfil a number of basic compliance requirements for all activities and apply the same level of controls whatever the financial services concerned. Nevertheless, based on the information received, it seems that supervisors could not show a sound understanding of the operational AML/CFT risks posed by this specific type of business activity.

(c) legal framework and controls:

Institutional investments through banks are covered by AML/CFT requirements at EU level. However, the quality of this legal framework's implementation is questionable. In the investment field, the client manager has a vested interest in conducting the business relationship (reward/salary) and this may lead him/her to margin of complaisance in the implementation of CDD. It is also important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: the risk exposure is inherently high due to the nature of the customer and the large amounts linked to the transactions. However, when provided by a bank, the investment service is quite well framed and controlled. The low level of STRs may be justified by the fact that due to the complexity of the transaction, few suspicious cases arose (in general, these transactions are approved by senior manager). In light of this, the ML vulnerability related to institutional investment provided through banking institutions is considered as moderately significant (level 2).

Mitigating measures

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements

·The Commission will launch further analysis in order to identify risks and opportunities on FinTech/RegTech. The Commission FinTech Task Force will assess technological developments, technology enabled services and business models, will determine whether existing rules and policies are fit for purpose and identify options and proposals to harness opportunities or address possible risks.
The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed.

·Updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in financial institutions should be provided by the ESAs and the Commission will further analyse whether those guidelines allow the position of the AML/CFT – compliance officer to be sufficiently reinforced.

·An analysis of operational AML/CFT risks linked to the business/business model in the institutional investment sector should be provided by the ESAs. .

·Further guidance for the application of beneficial ownership identification for providers of investment funds, especially in situations presenting a higher risk of ML/TF should be provided by the ESAs

Product

Deposits on accounts

Sector

Investments firms - Institutional investment

General description of the sector and related product/activity concerned

The EU asset management sector is composed of two pillars that are complementing each other. The first pillar comprises the mutual fund industry, so-called UCITS funds (EUR8 tr of assets under management). The second pillar includes alternative investment funds such as hedge funds, private equity, venture capital or real estate funds (EUR3 tr of assets under management).

Description of the risk scenario

Perpetrators are using institutional investors to invest in shares for integration of proceeds, title of shares to conceal BO, frauds for predicate offence (e.g. insider dealing); brokerage accounts; investment to justify criminal proceeds as profit; predicate investment fraud. Placement of proceeds by using specialised, high-return financial services.

General comments

This risk scenario should be linked to the one related to institutional investment provided by banks. It has been considered that as far as the ML vulnerability is concerned, the level of risk is lower for banks.

Threat    

Terrorist financing

The assessment of the TF threat related to institutional investment - brokers (securities, asset management, and investment) has been considered in conjunction with ML schemes related to institutional investment - brokers. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF threat related to institutional investment through brokers is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to institutional investment - brokers (securities, asset management, and investment) shows that criminal organisations do not favour this kind of risk scenario. Although large amount of funds can be gathered through this process, it is not easy to access, not financially viable (depends on the quality of investment) and in any case, it requires knowledge and technical expertise. It is very close to wealth management financial services. However, there may be intention when perpetrators can rely on more complex planning and use facilitators for this type of services.

Conclusions: in that context, the assessment of the ML threat related to institutional investment through brokers is considered as moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to institutional investment-brokers (securities, asset management, and investment) has been considered in conjunction with ML schemes related to institutional investment - brokers. In that context, the TF vulnerability does not benefit from a separate assessment.

Conclusion: the risk exposure is inherently high due to the nature of the customer and the large amounts linked to the transactions. In addition, when provided by a broker/asset manager, the level of controls may be less efficient than when provided by a credit institution. In that context, the TF vulnerability related to institutional investment provided through brokers/asset managers is considered as significant (level 3).

Money laundering

The assessment of the ML vulnerability related to institutional investment -brokers (securities, asset management, and investment) shows that:

(a) risk exposure:

The inherent risk is potentially high due to the nature of customers. This sector is mostly exposed to high risk customers including PEPs. The volume of transactions concerned is significant, also in terms of amounts with a high level of cross-border transactions.

(b) risk awareness:

According to FIUs, the level of STRs is quite low in respect to the volume of transactions concerned. At the same time, the financial transactions concerned are complex and the suspicious transactions are probably less easy to detect by obliged entities. The fact that the service is provided by a broker affects the level of vulnerabilities which is considered as higher than the one concerning credit institutions. Competent authorities consider that asset managers are less equipped than credit institutions to detect suspicious transactions and apply the lowest controls on this kind of business relationships which constitute, most of the time, their core business. The competition component is not negligible and some cases have been identified where brokers accept to apply lower controls to attract more customers. Based on the information received, it seems that supervisors could not show a sound understanding of the operational AML/CFT risks posed by this specific type of business activity.

(c) legal framework and controls:

Institutional investments through brokers are covered by AML/CFT requirements at EU level. However, the quality of this legal framework's implementation is questionable. Competent authorities considered that the implementation of AML/CFT rules is less efficient for brokers than for credit institutions. In the investment field, the client manager has a vested interest in conducting the business relationship (reward/salary) and this may lead him/her to be more complacent in the implementation of CDD.

Conclusions: the risk exposure is inherently high due to the nature of the customer and the large amounts linked to the transactions. In addition, when provided by a broker/asset manager, the level of controls may be less efficient than when provided by a credit institution. In that context, the ML vulnerability related to institutional investment provided through brokers/asset managers is considered as significant (level 3).

Mitigating measures

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements

·The Commission will launch further analysis in order to identify risks and opportunities on FinTech/RegTech. The Commission FinTech Task Force will assess technological developments, technology enabled services and business models, will determine whether existing rules and policies are fit for purpose and identify options and proposals to harness opportunities or address possible risks. .

·The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed.

·Updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in financial institutions should be provided by the ESAs and the Commission will further analyse whether those guidelines allow the position of the AML/CFT – compliance officer to be to sufficiently reinforced.

·An analysis of operational AML/CFT risks linked to the business/business model in the institutional investment sector as well as further guidance for the application of beneficial ownership identification for providers of investment funds, especially in situations presenting a higher risk of ML/TF should be provided by the ESAs.

·A sufficient number of on-site inspections that is commensurate to the ML/TF risks identified should be conducted by supervisors. In this context, supervisors should assess the implementation of rules with regard to identification of beneficial ownership (compliance with the BO definition).

·Member States' supervisors should carry out within 2 years, a thematic inspection on institutional investment, with a particular focus on brokers, except for those that carried out recently such thematic inspections. The results of the thematic inspections should be communicated to the Commission.

Product

Deposits on accounts

Sector

Credit institutions - Corporate banking

Description of the risk scenario

Perpetrators use cash front businesses to inject proceeds into legal economy using company accounts with multi-signatories

Threat    

Terrorist financing

The assessment of the TF threat related to corporate banking has been considered as in conjunction with ML schemes related to corporate banking in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusions: this modus operandi is used by criminals and, from LEAs perspective, requires only moderate levels of knowledge and expertise. In that context, the level of TF threat related to corporate banking is considered as significant (level 3).

Money laundering

The assessment of the ML threat related to corporate banking shows that this risk scenario has been recurrently used for ML schemes. While it requires more sophistication than the retail financial sector, depending on the financial service concerned, this level of sophistication is lowered (for instance, personal documentation is required only if there is demand for a credit loan). Nevertheless, given the level of sophistication that corporate banking operations require, in general the conduct of money laundering activities should involve the complicity of financial/legal intermediaries that shall be paid for their "services". This is a parameter that may have an impact on the intent component.

Conclusions: this modus operandi is used by criminals and, from LEAs perspective, requires only moderate levels of knowledge and expertise. In that context, the level of ML threat related to corporate banking is considered as significant (level 3).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to corporate banking has been considered as in conjunction with ML schemes related to corporate banking. In that context, the TF vulnerability does not benefit from a separate assessment.

Conclusions: the level of TF vulnerability related to corporate banking is considered as moderately significant (level 2).

Money laundering

The assessment of the ML vulnerability related to corporate banking shows that:

(a) risk exposure:

The inherent risk is potentially high due to the nature of customers. Indeed, corporate banking is, by definition, used by companies where the identification of the beneficial owner constitutes a particular point of vulnerability. The structure of the business relationship (more complex) and the transactions concerned (larger amounts than in retail payments) as well as the risk linked to forged documentation affect the level of risk exposure.

(b) risk awareness: 

The sector appears quite aware of its risks. It has developed tools in order to trigger adequate red flags. FIUs have confirmed this element mentioning that a high number of STRs was received on this matter. Based on the information received, it seems that supervisors could not show a sound understanding of the operational AML/CFT risks posed by this specific type of business activity.

(c) legal framework and controls: 

Corporate banking is covered by AML/CFT requirements at EU level. This framework is considered as satisfactory as the one covering other financial activities undertaken by credit institutions. It is also important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: corporate banking presents some vulnerability due to customers' risk factors. However, the legal framework in place is considered as adapted to these vulnerabilities and credit institutions involved in corporate banking activities are aware of the ML risks and equipped to address them. In that context, the level of ML vulnerability related to corporate banking is considered as moderately significant (level 2).

Mitigating measures

For the Commission

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements

·Launching further analysis in order to identify risks and opportunities on FinTech/RegTech. The Commission set up a FinTech Task Force with the objective of assessing technological developments, technology enabled services and business models, determine whether existing rules and policies are fit for purpose and identify options and proposals to harness opportunities or address possible risks.

·The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed.

For the European Supervisory Authorities

·ESAs to provide for updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in financial institutions. The Commission will further analyse whether those guidelines allow the position of the AML/CFT – compliance officer to be sufficiently reinforced.

·In the context of the update of the Joint Committee of the ESAs' joint opinion on risks of ML and TF ESAs should provide an analysis of operational AML/CFT risks linked to the business/business model in the corporate banking sector.

For competent authorities/self-regulatory bodies

·Authorities/self-regulatory bodies should provide training sessions and guidance on risk factors with specific focus on non-face-to-face business relationships; off-shore professional intermediaries or customers or jurisdictions; complex/shell structures.

·Self-regulatory bodies/competent authorities should conduct thematic inspections on how beneficial owner identification requirements are implemented.

·Annual reports on the measures carried out to verify compliance by these obliged entities with their obligations related to customer due diligence, including beneficial ownership requirements, suspicious transaction reports and internal controls.

·Member States should put in place some mechanisms to ensure that the creation of structures should be carried out under control of a professional (obliged entity), who should have to develop their due diligence.

·Member States should put in place some mechanisms allowing competent authorities and FIUs to identify the situations where:

(i) for legal entities: obliged entities have identified the senior manager as the beneficial owner, instead of the natural person who ultimately owns or controls the legal entity through direct or indirect ownership. In such case, obliged entities should keep record of any doubt that the person identified is the beneficial owner.

(ii) for legal arrangements: obliged entities should identify cases where the settlor, trustee, protector, beneficiaries or any other natural person exercising ultimate control over the trust involve one or several legal entities. In such cases, the obliged entities should also identify the beneficial owner of these legal entities.

·Member States should put in place mechanisms to ensure the information held in central beneficial ownership register is verified on a regular basis. For this purpose, a national authority should be designated to collect and check the information on the beneficial owner. This national authority should receive from obliged entities any discrepancy that would be found between the beneficial ownership information held in the registers and the beneficial ownership information collected as part of their customer due diligence procedures. Where such discrepancies are not sufficiently justified by the legal structure or the legal arrangement, the national authority should provide for adequate pecuniary and/or administrative sanctions.

·Member States should ensure that services providers related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking are properly regulated and supervised at national level and comply with their obligations on beneficial ownership.

Product

Deposits on accounts

Sector

Credit institutions- Private banking and wealth management

Description of the risk scenario

Perpetrators are using private banking and wealth management for investing in shares for integration of criminal proceeds, title of shares to conceal BO, frauds for predicate offence (e.g. insider dealing); brokerage accounts; investment to justify criminal proceeds as profit; predicate investment fraud. Placement of proceeds by using specialised, high-return financial services.

General comments

For this risk scenario, financial services concern high value investments and not the investments done by individuals in retail services.

Threat    

Terrorist financing

The assessment of the TF threat related to private banking (wealth management) has not been considered as relevant. In that context, the TF threat is not part of the assessment.

Conclusions: non relevant

Money laundering

The assessment of the ML threat related to private banking (wealth management) shows that this sector is used in connection with the following predicate offences: corruption and drug trafficking, fraud and tax evasion. This reduces the "scope" of organised crime organisations that may rely on this risk scenario. It requires some level of expertise that makes it not so easy to access and not very attractive (not financially viable). In particular, when dealing with private banking, the service is quite "high cost" (need of sufficient funds to access this financial service) and the business relationship less easy to establish.

Conclusions: from the above, the ML threat related to private banking is considered as moderately significant/significant (level 2- 3)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to private banking (wealth management) has not been considered as relevant. In that context, the TF vulnerability is not part of the assessment.

Conclusions: non relevant

Money laundering

The assessment of the ML vulnerability related to private banking (wealth management) shows that:

(a) risk exposure:

Private banking is generally exposed to high profile customers with a bigger risk appetite (PEPs in particular). It presents a higher geographical risk via establishment of branches in some third countries that do not have necessarily equivalent AML/CFT regimes to the EU AML/CFT framework.

(b) risk awareness: 

According to FIUs, private banking is characterised by a very low (almost inexistent) level of STRs. As for investments services, institutions are sometimes competing between their commercial objectives and the need to fight against ML. The competition component is not negligible. It is worth mentioning that in this sector, the risk assessment is not always precise enough to ensure that the sector is aware of its risks, in particular risks linked to fraud and tax evasion. The supervision of activities at cross-border level is not considered as adequate. Based on the information received, supervisors could not show a sound understanding of the operational AML/CFT risks posed by this specific type of business activity.

(c) legal framework and controls: 

Private banking is covered by AML/CFT requirements at EU level. Competent authorities consider that controls in place are not efficient. They explain this weakness by the fact that the quality of the controls depend on the financial culture of a country and that the understanding of the risks posed by this sector is not the same from one Member State to another. It is also important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: large amounts of transactions concerned and the fact that it implies high risk customers (PEPs) and potentially high risk areas (third countries with branches), the risk exposure is quite high. The low level of STRs shows that the controls in place are not necessarily adequate. However, there is a legal framework which establishes the basics of AML/CFT requirements. In that context, the level of ML vulnerability related to private banking is considered as significant (level 3).

Mitigating measures

For the Commission

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements

·Launching further analysis in order to identify risks and opportunities on FinTech/RegTech. The Commission set up a FinTech Task Force with the objective of assessing technological developments, technology enabled services and business models, determine whether existing rules and policies are fit for purpose and identify options and proposals to harness opportunities or address possible risks.

·The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed

 For the European Supervisory Authorities (ESAs)

·ESAs to provide for updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in financial institutions. The Commission will further analyse whether those guidelines allow the position of the AML/CFT – compliance officer to be sufficiently reinforced.

·In the context of the update of the Joint Committee of the ESAs' joint opinion on risks of ML and TF, ESAs should provide an analysis of operational AML/CFT risks linked to the business/business model in the private banking sector.

For competent authorities

·Member States should ensure that supervisors conduct a sufficient number of on-site inspections that is commensurate to the ML/TF risks identified. In this context, supervisors should assess the implementation of rules with regard to identification of beneficial ownership (compliance with the BO definition).

·Member States' supervisory authorities should carry out a thematic inspection on private banking within 2 years, except for those that carried out recently such thematic inspections. The results of the thematic inspections should be communicated to the Commission. 

Product

Crowdfunding

Sector

Crowdfunding platforms

General description of the sector and related product/activity concerned

Crowdfunding refers to an open call to the public to raise funds for a specific project. Crowdfunding platforms are websites that enable interaction between fundraisers and individuals interested in contributing financially to the project. Financial pledges can be made and collected through the platform.

The different business models that are used by crowdfunding platforms can be grouped into the following broad categories:

·Investment-based crowdfunding: Companies issue equity or debt instruments to crowd-investors through a platform.

·Lending-based crowdfunding (also known as crowdlending, peer-to-peer or marketplace lending): Companies or individuals seek to obtain funds from the public through platforms in the form of a loan agreement.

·Invoice trading crowdfunding: a form of asset-based financing whereby businesses sell unpaid invoices or receivables, individually or in a bundle, to a pool of investors through an online platform.

·Reward-based crowdfunding: Individuals donate to a project or business with expectations of receiving in return a non-financial reward, such as goods or services, at a later stage in exchange of their contribution.

·Donation-based crowdfunding: Individuals donate amounts to meet the larger funding aim of a specific charitable project while receiving no financial or material return.

·Hybrid models of crowdfunding: Combine elements of the other types of crowdfunding.

In a study commissioned by the Commission and published on 30 September 2015 2 , data coverage from crowdfunding platforms across the EU was approximately 68% by EUR volume of the estimated total market size for the time period under consideration (2013-14). 3 Data covered loans, equity, rewards, donations and other crowdfunding models. As at 31 December 2014, 510 live platforms were active in the EU and 502 platforms were located in 22 Member States. Most platforms were located in the United Kingdom (143), followed by France (77) and Germany (65). The majority of platforms were involved in reward-based crowdfunding (30%), followed by platforms involved in equity crowdfunding (23%) and loan-based crowdfunding (21%).

Project data from the platforms amounted to a total of EUR 2.3 billion successfully raised in 2013-14. 4 The largest single projects raised EUR 6.1 million (equity) and EUR 5.0 million (loan). This compares with EUR 5 trillion of domestic outstanding bank loans to non-financial corporations in the EU at the end of 2014. Across the EU between 2013 and 2014, amounts raised through equity crowdfunding platforms grew by 167%, and amounts raised through loan crowdfunding platforms grew by 112%.

In 2014 the average amount raised was EUR 260 000 for equity crowdfunding and EUR 11 000 for loan crowdfunding. The average size of offers seems to be increasing. For example, the average amount raised through equity platforms grew by 21% (from EUR 215 000 to EUR 260 000).

Crowdfunding is an EU-wide phenomenon, as crowdfunding projects were identified in every Member State in 2013-14. However, there are significant differences in levels of activity between Member States. For equity crowdfunding projects located in the EU covered by the study, in 2013-14 the United Kingdom was the largest market by total amount raised (EUR 69 million), followed by France (EUR 14 million) and Germany (EUR 11 million). For loans crowdfunding projects covered by the study, in 2013-14 the United Kingdom was by far the largest market with EUR 1.6 billion, followed at a distance by Estonia (EUR 17 million) and France (EUR 12 million).

Cross-border project funding within the EU was EUR 102 million in 2013-14, less than 5% of total funding raised, of which EUR 15 million in cross-border financial return-based transactions. 5 However, it is likely that these amounts understate the true level of cross-border activity, as they only account for situations where the platform and the project are located in two different Member States (thus excluding situations where the provider of funds and the platform are located in two different Member States).

As far as the EU AML/CFT framework is concerned, it is not generally applicable to crowdfunding platforms as such - but it is applicable to specific types of crowdfunding services depending on the Business Models. According to the ESMA 6  Directive 2005/60/EC applies to firms including credit institutions and financial institutions, the latter including MiFID investment firms, collective investment undertakings and firms providing certain services offered by credit institutions without being one (including lending, money transmission, participation in securities issues and related services). As many platforms are currently operating outside the scope of MiFID they would not be automatically captured by the 3AMLD. However, the definition of ‘financial institution’ also includes those carrying out money transmission, participation in securities issues and the provision of services related to such issues, and safekeeping and administration of securities. Depending on the business model, this could capture some crowdfunding platforms. In addition, in the context of its analysis of risks and risk drivers of lending-based crowdfunding, ESMA identified money laundering risks as one of those 7 .

Description of the risk scenario

Perpetrators can create platforms to collect/accumulate funds and transfers them abroad for ML purposes or to finance terrorist attacks. This can be done by creating crowdfunding platforms directly linked to financial institutions or left to private initiatives on the internet. Crowdfunding platforms are set up under fictitious projects in order to allow collection of funds which are then withdrawn within the EU or transferred abroad. This could be used either to collect funds from legitimate sources for the purpose of terrorist financing – or to collect illicit funds from criminal activities using anonymous products.

Perpetrators post messages on the internet asking for donations in the form of prepaid mobile phone cards which are sold to raise funds; direct requests on Internet (via Tweeter) for specific amounts used ultimately for the purchase of illicit products.

Social media misuses (the so called "crowdsourcing") are another kind of risk scenario. Terrorists groups in particular have made use of social media and other online and mobile platforms to obtain funds which are channelled afterwards through different means of payment. This type of crowdsourcing is not further analysed in this fiche.

Threat    

Terrorist financing:

Terrorist groups may have the intent to use the crowdfunding techniques to collect funds. Open sources information indicated that some cases were identified with regard to recent terrorist attacks. There are overall few cases where they have been used, and it covers usually smaller funds. Crowdfunding does not necessarily allow large amounts of funds to be raised which makes this risk scenario less attractive. In addition, suspicious activities are quite easier to detect and may deter terrorist groups from using this modus operandi as it is not the most secure option. However, if perpetrators invest more consequent planning, they could enable them to set up collection platforms allowing for more anonymous operations (use of strawmen or relatives) – which makes it more attractive.

Conclusions: there are some indicators that terrorist groups have used crowdfunding. It is not financially viable to raise or channel large amounts. It may be rather insecure compared to other types of services, or it requires more planning in order to hide the illicit intent. In that context, TF threat related to crowdfunding is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to crowdfunding shows that there is little to no evidence or indicators that criminals have used it to launder proceeds of crime. There are situations where criminals set up a company which is then used for crowdfunding activities but this requires some expertise and it can be costly. One case identified concerned a complex Ponzi scheme, using scam and fake projects. This confirms that this scenario is difficult to access and requires having access to payment processes. Nevertheless, while it requires some expertise, the intent is not negligible.

Conclusions: criminals may have vague intentions to exploit this modus operandi which is not necessarily attractive and may be costly. In any case, it requires some expertise to be profitable. There is little evidence that it has been used. In that context, the level of ML threat related to crowdfunding is considered as lowly - moderately significant (level 1/2)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to crowdfunding shows that the sector cannot be assessed without taking other sectors into consideration.

(a) risk exposure:

The level of risk exposure varies depending on whether crowdfunding is directly linked to financial institutions or left to private initiatives on the internet. In both cases, it may imply the use of virtual currencies or (anonymous) electronic money which may constitute factors of vulnerabilities. Depending on the type of platform, the services may facilitate anonymous transactions – i.e. there may be limited or no CDD since the only requirements might be an e-mail address which can be opened without any controls, and the payments on the platform are made through an IP address in a location different than the user's address.

(b) risk awareness: 

Even when a financial institution is involved, there is a lack of knowledge about the sources of funds, the scope of the funding and its purpose. When provided through private initiatives, crowdfunding services are out of the scope of any AML/CFT monitoring. Competent authorities, including at EU level, are aware that TF risks exist but the risk assessment is still incomplete at this stage to have a clear understanding of the risks. It is important to mention that where these platforms are included in the list of obliged entities, FIUs receive STR.

(c) legal framework and controls: 

Crowdfunding as such is currently not covered by AML/CFT requirements at EU level. Hence there is no horizontal framework setting AML/CFT obligations for those services. Depending on the business model (e.g. UCITS), specific types of crowdfunding services may be covered by AML/CFT obligations – although those would not be the primary services for terrorist financing since it concerns more high value investment collections. Some Member States have covered crowdfunding platforms in their law through the transposition of the Payment Services Directive I. At this stage, 10 Member States have specific laws in place to cover crowdfunding platforms and 4 Member States adopted AML/CFT provisions. However, competent authorities consider that controls and supervisory actions are weak in particular given to the fact that many platforms are not established physically in the territory where they operate which hinders the efficiency of the controls. Where credit and financial institutions are involved, the effectiveness of controls is lower due to the fact that they can only rely on more limited information to monitor transactions and apply red flags. It is important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: the sector is not homogeneous and may interact with other sectors that can increase the level of vulnerabilities. Controls in place are not harmonised because there is no horizontal framework dealing with this issue. There are some concerns about the risk awareness of the sector. In that context, the level of TF vulnerability related to crowdfunding is considered as significant (level 3)

Money laundering

The assessment of the ML vulnerability related to crowdfunding shows similar vulnerability assessment as TF.

(a) risk exposure: 

The level of risk exposure varies depending on whether crowdfunding is directly linked to financial institutions or left to private initiatives on the internet. In both cases, it may imply the use of virtual currencies or anonymous electronic money which may constitute factors of vulnerabilities. Depending on the type of platform, the services may facilitate anonymous transactions – i.e. there may be limited or no CDD since the only requirements might be an e-mail address which can be opened without any controls, and the payments on the platform are made through an IP address in a location different than the user's address.

(b) risk awareness: 

The infiltration of such platforms by criminal organisations shall also be considered as an additional factor of vulnerability. Some LEAs and FIUs tend to consider that crowdfunding represents a widespread way to launder money. Even when a financial institution is involved, there is a lack of knowledge about the sources of funds, the scope of the funding and its purpose. When provided through private initiatives, crowdfunding services are out of the scope of any AML/CFT monitoring. Competent authorities, including at EU level, are aware that ML risks exist but the risk assessment is still incomplete at this stage to have a clear understanding of the risks. It is important to mention that where these platforms are included in the list of obliged entities, FIUs receive STR.

(c) legal framework and controls: 

Crowdfunding as such is currently not covered by AML/CFT requirements at EU level. Hence there is no horizontal framework setting AML/CFT obligations for those services. Depending on the business model (e.g. UCITS), specific types of crowdfunding services may be covered by AML/CFT obligations. Some Member States have covered crowdfunding platforms in their law through the transposition of the Payment Services Directive I. At this stage, 10 Member States have specific laws in place to cover crowdfunding platforms and 4 Member States adopted AML/CFT provisions. However, competent authorities consider that controls and supervisory actions are weak in particular given to the fact that many platforms are not established physically in the territory where they operate which hinders the efficiency of the controls. In case credit and financial institutions are involved, the effectiveness of controls is lower due to the fact that they can only rely on more limited information to monitor transactions and apply red flags. It is important to mention that new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: the risk exposure is rather limited although large sums may be engaged in crowdfunding activities. Controls in place are not harmonised because there is no horizontal framework dealing with this issue. When regulated, these platforms are well aware of their risks and the level of reporting is quite good. The controls in place are still, sometimes, weak especially when obliged entities rely on limited information to carry out checks. In that context, the level of ML vulnerability is considered as significant (level 3).

Mitigating measures

·When applying article 4 of the 4AML Directive for extending the scope of obliged entities, Member States should consider the need to define crowdfunding platforms as obliged entities to be subject to AML/CFT requirements. Member States definitions of crowdfunding platforms should be aligned to the definition in the Commission's forthcoming legal framework – planned to be adopted in Q4 2017

Product

Conversion of funds

Sector

Currency exchange offices

Description of the risk scenario

Perpetrators are converting their funds into another currency to facilitate the conversion, transfer or laundering of funds.

Threat    

Terrorist financing

The assessment of the TF threat related to currency exchange shows that terrorist groups exploit this modus operandi, and especially foreign terrorist fighters. The conversion EUR/USD is particularly attractive for these groups. Bringing currency into conflict zones is one of the basic practices to finance the travels. From a technical point of view, the conversion of funds does not require specific planning, knowledge or expertise, and it's quite easy to access. Although it does not consist in the raising or transferring of funds, it is a necessary step for moving physically "clean" currency (most of the time in cash). Terrorist groups may consider that the exchange of currency is as attractive as the collection or the transfer of funds to finance their activities.

Conclusions: terrorist groups show some intent and capability to use currency exchange to sustain/carry out their operations. This scenario does not require specific planning or expertise and has been used already. In that context, the level of TF threat related to currency exchange is considered as significant (level 3).

Money laundering

The assessment of the ML threat related to currency exchange shows that there are some cases where currency exchange offices have been infiltrated by criminal organisations to run their activities. This is particularly relevant in offices operating in airport zones. High volumes of money can be easily converted and make the access to "clean" currency easy for these criminal organisations. Similarly to TF, the currency exchange does not require specific planning or expertise for ML purposes. However, currently, the volume of suspicious transactions is difficult to assess.

Conclusions: although the volume of cases is difficult to assess by law enforcement authorities, the indicators show that criminal organisations may use currency exchange to launder proceed of crime. This scenario does not require specific planning or expertise and has already been used. In that context, the level of ML threat related to currency exchange is considered as significant (level 3)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to currency exchange shows that the vulnerability is present whatever the type of transaction concerned:

- the customer gives sums in cash and orders to exchange this cash for a currency that has to be transferred to an indicated bank or payment account.

- the currency exchange is performed on the internet and transferred, electronically, to an indicated bank account or payment account.

(a) risk exposure: 

The fact that currency exchange offices deal most of the time with transactions in cash is a factor indicating a higher vulnerability. This is amplified when large denomination notes are involved, and these are not properly monitored. LEAs and competent authorities have noticed that PEPs are also common users of currency exchange.

(b) risk awareness: 

In the different risks scenarios where currency exchange offices are used, MVTS providers or bank/payment institutions are associated to these offices. The consequence is that currency exchange offices tend to rely on the underlying MVTS providers or on the bank/payment institution to conduct the customer due diligence measures. In this context, the currency exchange office/platform is not able to get the full picture of the business relationship. Despite factors of high exposure, the level of STRs remains low except in specific cases, such as USD conversion requested from high risk third countries (e.g. Syria), It seems that the sector does not show awareness to TF risks.

(c) legal framework and controls: 

Currency exchange offices are covered by the AML/CFT framework at EU level. There is little information concerning the level of controls which vary a lot from one Member State to another. Some Member States have dedicated AML/CFT compliance departments dealing with currency exchange offices but this practice is not widespread enough to draw concrete consequences. In particular when carrying occasional transactions, currency exchange offices have to apply CDD only for occasional transactions beyond EUR 15 000 under 3AMLD. This threshold is relatively high, especially in the context of terrorism financing risks where low amounts are at stake.

Conclusions: the awareness of the sector to TF risk is low and relies too often on the due diligence conducted by associated sectors, such as MVTS or bank/payment institutions. High risk customers and countries are recurrently involved in such transactions. The legal framework in place does not have an influence on the level of STRs. In that context, the level of TF vulnerability related to currency exchange is considered as significant (level 3).

Money laundering

The assessment of the ML vulnerability related to currency exchange shows that:

(a) risk exposure: 

The fact that currency exchange offices deal most of the time with transactions in cash is a factor indicating a higher vulnerability. This is amplified when large denomination notes are involved, and these are not properly monitored. LEAs and competent authorities have noticed that PEPs are also common users of currency exchange. Currency offices in boarder zones are more vulnerable than other offices.

(b) risk awareness:

In the different scenarios where currency exchange offices are used, MVTS providers or bank/payment institutions are associated to these platforms. The consequence is that currency exchange offices tend to rely on the underlying MVTS providers or on the bank/payment institution to conduct the customer due diligence measures. In that context, the currency exchange office is not able to get the full picture of the business relationship. For AML purposes, the level of reporting is uneven from one Member State to another, and does not necessarily consist in STR (mostly CTR).

(c) legal framework and controls: 

Currency exchange offices are covered by the AML/CFT framework at EU level. The regulation and the supervision of the sector is usually not considered as robust enough, and is less efficient than for other financial institutions. In particular, when carrying occasional transactions, currency exchange offices have to apply CDD only for occasional transactions beyond EUR 15 000 under 3AMLD. This threshold seems relatively high, which explains why Member States usually applied lower thresholds at national level. Such variety of thresholds for occasional transactions by currency exchange offices may have a negative effect from an internal market perspective.

Conclusion: awareness of the sector is rather uneven, and controls in place are not efficient given the low level of reporting. Competent authorities do not consider that the regulation and the supervision work effectively. In that context, the level of ML vulnerability related to currency exchange is considered as significant. (level 3)

Mitigating measures

·Member States should ensure that supervisors conduct a sufficient number of on-site inspections that is commensurate to the ML/TF risks identified.

·Competent authorities should provide further risk awareness and risk indicators relating to terrorist financing.

·Member States should define a threshold below EUR 15 000 triggering CDD obligations in case of occasional transactions, which is commensurate to the AML/CFT risk identified at national level. Member States should report to the Commission such threshold applicable to occasional transactions defined at national level. A threshold similar to the one for occasional transactions for transfers of funds as defined in article 11(b)(ii) of 4AMLD is considered as commensurate to the risk (i.e. EUR 1 000).

Product

E-money

Sector

Credit and financial institutions

General description of the sector and related product/activity concerned

'Electronic money’ is defined under the second E-Money Directive (EMD2, 2009/110/EC) as electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions and which is accepted by a natural or legal person other than the electronic money issuer.

A key characteristic of e-money is its pre-paid nature. This means that an account, card, or a device needs to be credited with a monetary value in order for that value to constitute e-money. Examples of e-money are money stored on cards, money stored on mobile devices, and money stored in online accounts. Depending on the way e-money is stored, it can be classified as ‘hardware-based’ or ‘server-based’. Certain e-money products require identification of the owner, others allow owners to remain anonymous

Prepaid cards can have many different features, including reloadable and non-reloadable functionalities; cards linked to other e-money schemes (i.e. cards linked to online accounts); or cards with basic bank account features (also known as IBAN cards), which can accept incoming bank transfers in order to credit the card balance.

Other potential distinctions between e-money products can include the manner in which e-money is created or issued. The key distinction relates to whether e-money can be pre-paid by the user (payer) or by a third-party on behalf of or in favour of the payer (e.g. company in case of business-to-business (B2B) cards or by a merchant in multi-merchant loyalty schemes). It is also linked to the question of whether an e-money product allows for reloading (i.e. ability to add more value to the product after the initial issuing of e-money by the issuer). Yet another distinction could also be made between personalised and non-personalised products.

Not all monetary value that is stored electronically should be considered as e-money in the context of the EMD2. Limited network products such as gift cards and public transport cards that can only be used with a certain retailer or a chain of defined retailers are outside the scope of EMD2. Also, virtual currencies such as Bitcoin are not considered as e-money as they do not represent monetary value.

Description of the sector

In the landscape of e-money, prepaid cards and e-wallets are predominant. As regards the use of e-money for making payment transactions, there is a clear increasing trend in the use of account based e-money products as compared to card based products. Looking into the future, growth is primarily expected in the area of digital wallets used for e-commerce payments (i.e. Google Wallet). With regard to technological developments, increased usage of NFC (Near Field Communication) technology allowing for contactless payments using mobile phones, is expected.

Systematic examination of the market in terms of volume and value of e-money transactions is more complex. Although the European Central Bank (ECB) serves as a central source of statistical data on the value and volume of e-money transactions, there are numerous data gaps. According to the ECB, this is mainly due to the fact that only Eurozone Member States are required to report statistical information, with remaining Member States doing this voluntarily.

Although existing ECB statistics do not provide a full picture of the size of the e-money market, they provide some indications concerning the orders of magnitude related to the market size, as well as changes over time.

According to the ECB data on the e-money market, in 2014, e-money payment transactions for the 22 Member States that provided data amounted to EUR73 billion corresponding to e-money payment transactions with e-money issued by EU resident payment service providers. This amount of EUR73 billion includes 57 billion in LUX (Pay-Pal, Amazon) and 13 billion in IT. The number of transactions was 2.09 billion (including 1.5 billion in LUX and some 300 million in IT). These data are not complete as they do not include several non-euro area markets and therefore underestimate the actual size of the EU market. The average transaction value on that basis was of EUR35. E-money payments represented 3% of the total number of electronic payment transactions in the euro area (EU-18). In the last 5 years (2010-2014), the number of e-money transactions in the EU increased 2 times, and their value 2.5 times.

On the basis of the ECB statistics, the prepaid instrument market in 2014 would have represented EUR19.3 billion 8 , out of which 13 billion are attributable to the IT prepaid cards which are essentially distributed by a public body, Poste Italiane, and 3.2 billion to the UK market, which is the second largest in size in the EU. The ECB statistics do not cover limited network markets, including the gift card market. However, these cards are outside the scope of the AML/CTF legislation, at EU or national level, as their use is restricted to limited networks of retailers, or petrol stations (for fuel cards), and hence such cards present low AML/CTF risks.

Relevant actors

Electronic money can be issued by credit institutions, electronic money institutions and post office giro institutions where they have a licence to do so. Also the European Central Bank, national central banks and Member States with their regional or local authorities when acting in their public capacity are allowed to do so.

A recent, not yet published, study commissioned by the Commission, has identified that in 2014, 177 e-money institutions (EMIs) were licenced EU wide to issue e-money, the majority of them being in the UK and DK, NL, LV, BE, CZ. No EMIs were identified in AT, EE, GR, IE, PO, PT, SK, SI.

As regards the different business models used for the issuance of e-money, three types of actors are recognised in EMD2:

·the issuer: entity which ‘sells’ e-money to the customer (whether a consumer or a business) in exchange for a payment. It is also the entity that requires authorisation to issue electronic money and is regulated by EMD2;

·the distributor: entity other than the issuer that can distribute or redeem e-money on behalf of the issuer (i.e. it re-sells the e-money issued by the issuer, such as a retail outlet selling prepaid cards);

·the agent: entity that acts on behalf of the EMI through which an EMI can carry out payment services activities in another Member State (except for issuing e-money) without establishing a branch in that Member State.

In practice, this distinction appears to be used by the consulted EMIs primarily in the context of cross-border provision of e-money services, with selected EMIs using ‘distribution partners’ in order to operate in other Member States.

Description of the risk scenario

Perpetrators use characteristics and features of some of new payment methods "directly" using truly anonymous products (i.e. without any customer identification) or “indirectly” by abusing non-anonymous products (i.e. circumvention of verification measures by using fake or stolen identities, or using straw men or nominees etc.)

Perpetrators can load multiple cards under the anonymous prepaid card model. This multiple reloading could lead to substantial values which can then be carried out abroad with limited traceability.

Threat    

Terrorist financing

The assessment of the TF threat related to e-money shows that the use of e-money can be particularly attractive for terrorist groups, as it allows funds to be moved easily and anonymously (in particular with prepaid cards instead of bulk of cash). In practice, e-money is rather easy to access and does not require specific expertise or planning. This is even more the case for non-account based e-money products. As far as the use for TF purposes is concerned, LEAs have gathered evidence that e-money loaded onto prepaid cards has been used to finance terrorist activities, in particular to assist the terrorists in committing their actions (hotel or car rentals).

However, the level of TF threat presented by e-money shall be assessed proportionally to the level of threat represented by cash which constitutes a more competitive and more attractive tool because it is easier to access than e-money. In that sense, cash is still the preferred option to finance travels to war zones. At the same time, e-money loaded onto prepaid cards may be seen by terrorist groups as more secure as it allows more discrete payments than cash. They may also see this option as more attractive when cash transactions are not an available option (e.g. online transactions, online purchases).

Conclusions: e-money is attractive for terrorist groups, especially when loaded onto prepaid cards, as it allows terrorist activities to be financed easily and with a low level of planning/expertise. LEAs have evidence that this modus operandi has been used recurrently. However, it seems that it is still less attractive than cash. In that context, the level of TF threat related to e-money is considered as significant/very significant (level 3/4).

Money laundering

The assessment of the ML threat related to e-money shows that the volume of transactions concerned is high and this modus operandi is quite attractive for criminal organisations, including non EU ones who want to operate in the EU. This is particularly the case for e-money carried out via prepaid cards.

FIUs have detected multiples cases of misuses of e-money (tax fraud, drug trafficking, prostitution) through the purchase of multiple prepaid cards of large amounts (sometimes above EUR600). LEAs have noticed cases where the proceeds of drug trafficking were laundered by prepaid cards. Prepaid cards may allow large amounts of funds to be easily brought (some cards have no limit).

As for TF, the intent to use cash remains nevertheless higher than using e-money.

Conclusions: similarly to TF, e-money is attractive for criminal organisations and terrorist groups, especially when loaded onto prepaid cards, as it can easily allow money laundering and requires a low level of planning/expertise. The intent is quite high, while the capability of criminal organisations to use e-money is still higher for cash than for e-money. In light of this, the level of ML threat related to e-money is considered as significant/very significant. (level 3/4).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to e-money shows that:

(a) risk exposure: 

Due to the fact that some e-money products may, in certain circumstances, entail anonymous transactions, the risk exposure of the sector is high. E-money products are nowadays widespread means of payment which can generate significant volumes of financial flows in a speedy and sometimes anonymous way, including cash-based which may have cross-border functionalities. Based on new technologies, inherent risks of e-money depend on the structure of the product, the nature of the operator and its capability in managing these new technologies to effectively identify and report suspicious transactions. Regulators and supervisors have noticed that this capability is uneven from one operator to another. The fact that e-money does not necessarily involve high amounts is rather irrelevant in the context of terrorist financing, due to the often low costs of carrying out terrorist activities.

(b) risk awareness:

The promotion of e-money products in the field of financial inclusion or vulnerable people impacts the risk awareness of the sector which tends to consider TF abuses as marginal. Thus, the sector tends to advocate that due to the low level of TF risks, simplified CDD is adequate. Where CDD is exempted (i.e. where no identification and no verification is performed), the monitoring of the transaction is not considered as sufficient to identify suspicious transactions and to process reporting of the transactions (no data linked to the transaction). The risk awareness tends nevertheless to increase. Some big players of the e-money market have developed robust risk assessments in order to better identify and understand the risks that the sector faces. They also improved awareness focused on CTF compliance and auditing, through information sharing and training. In addition, there are increasing initiatives aimed at engaging with competent authorities and LEAs. Some Member States have already included in their national AML/CFT framework some mitigating measures to limit the risks posed by the anonymity (for instance transactions still recorded when processed through the internet or the possibility to keep track of the IP addresses). However, from a more general point of view, the sector is still not harmonised and small players tend to have limited resources to provide guidance, training or dedicated staff. Based on the information received, it seems that supervisory authorities have a limited understanding of the TF risks to which the e-money sector is exposed.

(c) legal framework and controls

E-money is covered by AML/CFT requirements at EU level. Under the current AML/CFT framework, e-money products benefit from an exemption regime which allows CDD not to be applied when specific conditions are fulfilled (EUR250 for non-reloadable e-money or EUR 2500 for reloadable e-money). The inclusion of e-money in the EU AML/CFT framework has played a role in increasing the suspicious transactions reports. However, many electronic money institutions operate across borders in the EU. In that context, the supervision of the sector is not considered as sufficiently robust to address the TF risk. It appears that the anonymity of the product is a feature meant to attract customers – a feature which is then compensated by the monitoring of transactions; however this approach raises doubt regarding the effectiveness of AML/CFT framework in the absence of identification measures. Finally, new risks and opportunities may emerge with FinTech/RegTech.

Conclusions: when used anonymously, e-money is inherently exposed to TF vulnerability. The level of awareness of the sector is growing but not in a sufficient way to allow FIUs to acquire enough data from suspicions transactions. In that context, the level of TF vulnerability related to e-money is considered as significant/very significant. (level 3/4)

Money laundering

The assessment of the ML vulnerability related to e-money shows that:

(a) risk exposure:

Due to the fact that some e-money products may, in certain circumstances, entail anonymous transactions, the risk exposure of the sector is high. E-money products are nowadays widespread means of payment which can generate significant volumes of financial flows in a speedy and sometimes in an anonymous way, including cash-based which may have cross-border functionalities. Based on new technologies, inherent risks of e-money depend on the structure of the product, the nature of the operator and its capability in managing these new technologies to effectively identify and report suspicious transactions. Regulators and supervisors have noticed that this capability is uneven from one operator to another.

(b) risk awareness: 

The promotion of e-money products in the field of financial inclusion or vulnerable people impacts the risk awareness of the sector which tends to consider ML abuses as marginal. Thus, the sector tends to advocate that due to the low level of ML risks, simplified CDD is adequate. Where CDD is exempted (i.e. where no identification and no verification is performed), the monitoring of the transaction is not considered as enough to identify suspicious transactions and to process reporting of the transactions (no data linked to the transaction). The risk awareness tends nevertheless to increase. Some big players of e-money market have developed robust risk assessments in order to better identify and understand the risks that the sector faces. They also improved awareness focused on AML compliance and auditing, through information sharing and training. In addition, there are increasing initiatives aimed at engaging with competent authorities and LEAs. Some Member States have already included in their national AML/CFT framework some mitigating measures to limit the risks posed by the anonymity (for instance transactions still recorded when processed through the internet or possibility to keep track of the IP addresses). However, from a more general point of view, the sector is still not harmonised and small players tends to have limited resources to provide guidance, training or dedicated staff. Based on the information received, it seems that supervisory authorities have a limited understanding of the TF risks to which the e-money sector is exposed.

(c) legal framework and controls: 

E-money is covered by AML/CFT requirements at EU level. Under the current EU AML framework, e-money products benefit from an exemption regime which allows CDD not to be applied when specific conditions are fulfilled (EUR250 for non-reloadable e-money or EUR 2500 for reloadable e-money). The inclusion of e-money in the EU AML/CFT framework has played a role in increasing the suspicious transactions reports. However, LEAs and competent authorities tend to consider that the controls in place are not efficient enough and that e-money remains, from the elements gathered during criminal investigations, a tool used by criminal organisations (using anonymous products or products subject to simplified due diligence). It appears that anonymity of the product is a feature meant to attract customers – a feature which is then compensated by the monitoring of transactions; however this approach raises doubts regarding the effectiveness of AML/CFT framework in the absence of identification measures. Concerning supervision, the situation is rather similar to that of other payment institutions (see relevant fiche) – noting ESAs stressed weaknesses in this sector for managing ML risks associated with technological advances and financial innovation. Finally, the recent adoption of Directive 2014/92/EU on access to payment accounts (due to be transposed by September 2016) is an important element to take into consideration in the context of the financial inclusion aspects. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: e-money is inherently exposed to ML vulnerability when used anonymously. While the level of awareness of the sector to ML risks seems higher than for TF, the structure of the sector and its capability to provide for dedicated resources and training is quite low. The level of STRs confirmed this point. The legal framework in place has increased the controls applied in this sector, but these controls remain inadequate (monitoring only). In that context, the level of TF vulnerability related to e-money is considered as moderately significant/ significant (level 2/3).

Mitigating measures

·The Commission proposes in its proposal for amending Directive (EU) 2015/849 (COM(2016)450) to (i) lower (from 250 to 150 EUR) the thresholds in respect of non-reloadable pre-paid payment instruments to which such CDD measures apply and (ii) suppress the CDD exemption for online use of prepaid cards. This will better serve identification purposes and widen customer verification requirements. Limiting the anonymity of prepaid instruments will provide an incentive to use such instruments for legitimate purposes only, and will make them less attractive for terrorist and criminal purposes.

·In the context of the update of the Joint Committee of the ESAs' joint opinion on risks of ML and TF, ESAs should provide an analysis of operational AML/CFT risks linked to the business/business model in the e-money sector.

Product

Transfers of funds

Sector

Credit and financial institutions –Money value transfer services (MVTS)

General description of the sector and related product/activity concerned

Money value transfer or money remittance is defined under PSD2 as a payment service where funds are received from a payer, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee.

A key example of money remittance is the remittances service offered by large agency network providers (Money Value Transfer Systems or MVTS) where the payer gives cash to a payment service provider’s agent to make it available to the payee through another agent.

Statistics:

Money remittance is a payment service that can be provided by banks, e-money institutions and authorised payment institutions (APIs). Money remittance is the payment service for which APIs are most commonly authorised for (40% of all authorisations).

According to the report on the Payment Services Directive of London Economics and IFF in association with PaySys , in 2012 9 there were 568 authorised payment institutions in the EU (considering the Payment Institutions registers and additional information provided by competent authorities) out of which 330 were specifically authorised to provide money remittance services.

Regarding the ECB payment statistics, these are the relevant statistics per reporting country on money remittance:

In addition, it could also be pointed out that all countries have some type of estimate on workers’ remittances (defined as current private transfers from migrant workers who are considered residents of the host country -i.e. non-residents of the home economy- to recipients in the workers’ country of origin) from either the World Bank Migration and Remittances Factbook or Eurostat, with the notable exception of Denmark and the UK which do not collect remittances data at all. According to some general figures of the World Bank on 2012, this type of global workers´ remittances were then estimated $ 514 billion of which $401 billion were sent to developing countries (World Bank Report 2012), with a growth rate of more than 10% per year.

The market landscape shows that different types of MVTS providers are operating. This is reflected in the Payment Services Directive, which provides for "registered MVTS" and "authorised MVTS".

Description of the risk scenario

ML: Perpetrators may use MVTS services:

- to comingle funds from legitimate/illegimate customers (fake ID, fake invoices, …)

- to launder proceeds of crime through settlement systems in a third country (using passporting). MVTS channel funds through highly complex payment chains with a high number of intermediaries and jurisdictions involved in the funds circuit, thereby hindering traceability of illicit funds. MVTS operating throughout the payment chain often establish formal and/or informal settlement systems (frequently along with trade-based money laundering techniques) also hampering traceability of illicit funds.

- to break large sums of cash into smaller amounts that can be sent below the thresholds where stricter identification of the customer is required

- to place the proceeds of crime into the financial system through the regulated MVTS offering payment accounts or similar products. Perpetrators may also use such regulated MVTS providers to channel their funds

- to place and/or transfer their funds, through money remittance services. Risks of ML/TF activity may be particularly high when funds to be transferred are received in cash or in anonymous e-money

TF: Perpetrators use money and value transfers services provided by financial institutions to place and/or transfer funds that are in cash or in anonymous e-money (non-account based transactions). They use MVTS services to transfer rapidly amounts across jurisdictions, usually favouring a series of low amounts transactions to avoid raising red flags.

Threat    

Terrorist financing

The assessment of the TF threat related to money value transfers services shows that terrorist groups recurrently use this modus operandi. LEAs and FIUs have gathered strong evidence that these services are used to collect and transfers funds which support the financing of terrorist activities, both within the EU and in particular to transfer funds by/for foreign terrorist fighters travelling to/from the conflict zones. MVTS are, depending on their organisation, easy to access and terrorists do not require specific expertise or techniques to abuse this service for finance terrorist activities. Terrorists might be more attracted to use large MVTS due to its global network of agents, whilst smaller MVTS might not be so attractive since they usually operate in a limited number of countries. Due to their features (see vulnerabilities part), MVTS are perceived as attractive and secure.

Conclusions: MVTS are recurrently used to finance terrorist activities and do not require specific knowledge or planning. In light of this, the level of TF threat related to MVTS is considered as very significant (level 4).

Money laundering

The assessment of the ML threat related to money value transfers services does not differ from that of TF. Organised crime groups recurrently use this modus operandi. LEAs and FIUs have gathered strong evidence that these services are used to collect and transfers funds which support the activities of money laundering. MVTS are, depending on their organisation, easy to access and do not require specific expertise or techniques to launder proceeds of crime. Due to their features (see vulnerabilities part), MVTS are perceived as attractive and secure.

Conclusions: MVTS are recurrently used to launder money and do not require specific knowledge or planning. In light of this, the level of ML threat related to MVTS is considered as very significant (level 4).

Vulnerability

The assessment of the TF vulnerability related to money value transfers services presents, for several aspects, similarities with ML vulnerability assessment.

(a) risk exposure: 

Reliance on cash based transactions and the recurring use of these services in high risk areas lead to a high risk exposure.

(b) risk awareness: 

According to the competent authorities, the risk awareness of the sector has recently increased (due to the recent terrorist attacks) but the suspicious transactions remain difficult to detect because of the low amounts at stake. The level of reporting varies a lot and depends on the size of the MVTS provider. Big players may report more than small players, who rarely report back to FIUs according to FIU feedback. However, LEAs notice that the bigger players are more misused by terrorists than the smaller ones. There is a lack of information sharing between branches (due to personal data restrictions) which may impede national authorities in identifying suspicious actors related to a suspect which take place between two third countries.

(c) legal framework and controls

Registered and authorised MVTS are subject to AML/CFT requirements at EU level. The controls in place are considered as inadequate by competent authorities, in particular in the context of cross-border transactions, to address TF risks. Because of the reliance on agents, the supervision of the sector is very challenging: supervisors find it difficult to monitor what agents are doing in term of compliance with CDD requirements. Currently, the cross-border cooperation is not working properly and supervisors are not able to appropriately put in place the controls and the sanctions regime. In addition, when carrying out occasional transactions, MVTS providers have to apply CDD only for occasional transactions beyond EUR15 000 under 3AMLD. This threshold seems relatively high, especially in the context of terrorism financing risks where lower amounts are at stake.

Conclusions: MVTS vulnerability to TF is similar to MVTS vulnerability to ML. Even if the private sector is more aware about the risk of being abused for TF purposes, the detection of suspicious transactions remains difficult due to the low amounts concerned. The cross-border exchange of information is still challenging, in particular due to the reliance on agents. In light of this, the level of TF vulnerability related to MVTS is considered as significant/very significant (level 3/4).

Money laundering

The assessment of the ML vulnerability related to money value transfers services cannot be undertaken without considering that most of the MVTS rely on agents. In the context of MVTS, agents constitute the main factor for risk exposure. They are, in addition, difficult to control and supervise.

a) risk exposure: 

MVTS services are, in a number of cases, cash based and allow for anonymous and speedy transactions. Due to their features and in particular the reliance on agents, they can be provided in high risk third countries and may be used by high risk customers which are meant to be subject to specific monitoring and controls. Usually MTVS provide non-account based transfers of funds, therefore there is no lengthy financial relationship but only a series of isolated transactions, for which the only form of CDD consists in recording the formal identification data of the clients. This feature, together with the possibility of identity frauds, makes it also possible to use “straw persons”, so that no information about the real individuals behind the transactions (senders/receivers) or the purpose of the transactions themselves is detectable.

b) risk awareness: 

Competent authorities and FIUs consider that the understanding of the risk within the MVTS sector is not high enough and that the customer due diligence measures undertaken are too weak. IT systems are mostly in place at the level of the group, but agents are not aware of the risks and of the adequate level of CDD to be applied. LEAs have noticed the recurrent use of fake ID and repeated occasional transactions to support ML schemes and which undermine the sector's capability to detect suspicious transactions. Consequently, FIUs also find difficulties in detecting and analysing the risk. The organisational framework of the MVTS is, by definition, not centralised as these services may be provided by non-bank operators which are difficult to reach, to provide some guidance or training.

c) legal framework and controls: 

Registered and authorised MVTS are subject to AML/CFT requirements at EU level. However, still because of the reliance on agents, the supervision of the sector is really challenging: supervisors find it difficult to monitor what agents are doing in terms of compliance with CDD requirements. Currently, cross-border cooperation is not working properly and supervisors are not able to appropriately organise the controls and the sanctions regime. In addition, when carrying out occasional transactions, MVTS providers have to apply CDD only for occasional transactions beyond EUR15 000 under 3AMLD– which limits the effect of CDD rules applied in the sector.

Conclusions: whilst the risk exposure of the MVTS sector is high, the risk awareness is quite low because of the lack of a centralised organisational framework. The reliance on agents constitutes a factor of vulnerability which hampers the supervision and the controls. The legal framework in place is not comprehensive enough to address issues such as the cross-border cooperation or supervisory actions on the agent. In that context, the level of ML vulnerability related to MVTS is considered as significant/very significant (level 3/4).

Mitigating measures

·The 4AMLD will reinforce CDD measures with regard to occasional transactions for funds transfer (threshold of EUR1 000 applicable for transfers of funds – which triggers CDD obligations).

·In the context of the update of the Joint Committee of the ESAs' joint opinion on risks of ML and TF, ESAs should provide an analysis of operational AML/CFT risks linked to the business/business model in the MVTS sector.

·Member States should ensure that supervisors conduct a number of on-site inspections commensurate to the level of ML/TF risks identified. These inspections should include a review of training carried out by agents of obliged entities.

·Member States' supervisors should carry out a thematic inspection in the MVTS sector within 2 years, with the exception of those that recently carried out such thematic inspections. The results of the thematic inspections should be communicated to the Commission.

·In addition, competent authorities should provide further risk awareness and risk indicators relating to terrorist financing to the MVTS sector. The obliged entities should provide mandatory training to agents to ensure that they are aware about their AML/CFT obligations and how to detect suspicious transactions.

·Pending the application of 4AMLD, Member States should define a threshold below EUR15 000 triggering CDD obligations in case of occasional transactions, which is commensurate to the AML/CFT risk identified at national level. A threshold similar to the one for occasional transactions for transfers of funds as defined in article 11(b)(ii) of 4AMLD is considered as commensurate to the risk (i.e. EUR1 000). In addition, Member States should provide guidance on the definition of occasional transactions providing for criteria ensuring that the CDD rules applicable to business relationship are not circumvented.

Product

Illegal/informal transfer of funds through hawala

General description

Hawala predates traditional or western banking and is one of the informal funds transfer (IFT) systems that are in use in many regions for transferring funds, both domestically and internationally. These IFT are considered as unregulated payment services under EU law; hence they are illegal within the EU.

Hawala payments are informal funds transfers that are made without the involvement of authorised financial institutions. In principle the money does not physically move from the payer to the payee, but is, as is also often the case in money remittances, done through an offsetting of balances between the hawaladar of the payer and the hawaladar of the payee.

Contrary to regulated remittance systems, IFT is based on a network of key players (Hawaladars) tied by trust (due to specific geographic regions, families, tribes, ethnic communities, nationalities, commercial activity, etc) and who compensate each other by net settlement over a long period of time using banking channels, trade or cash. This means that, contrary to all other remittance systems, no funds are transferred for each and every transaction, but there is a net settlement. They use a local cash pool with money that was already in the system to pay the beneficiary. After a set period of time (usually after 2-3 months) only the net amount is settled. Hawaladars aggregate months of funds received through individual remitters and then perform the settlement.

To illustrate this modus operandi, a hawaladar from country A (HA) receives funds in one currency from the payer and, in return, gives the payer a code for authentication purposes. He then instructs his country B correspondent (HB) to deliver an equivalent amount in the local currency to a designated beneficiary, who needs to disclose the code to receive the funds. After the remittance, HA has a liability to HB, and the settlement of their positions is made by various means, either financial or goods and services.

Hawala is often used by migrant workers to transfer money to overseas relatives in developing countries without the high costs of currency exchange and with lower handling costs compared to a regular remittance. As Hawala does not take place between licenced and supervised financial entities, the engagements between all parties are based on connections and trust. The cost effectiveness, the swifter transmission of amounts as compared to classical remittances, often requiring correspondent banking, and the lack of a paper trail, has made this type of transfers popular. Not being regulated, hawaladars do not feel bound by formal exchange rates, thereby allowing them to offer lower exchange rates than the regulated counterparties. Hawaladars can engage in foreign exchange speculation by exploiting naturally occurring fluctuations in the demand for different currencies. This enables them to make a profit from hawala transactions.

There is no reliable quantifiable data on the size of Hawala in the EU or globally, as the entities are not supervised and their money flows are not processed through authorised payment systems and therefore not systematically monitored (although traces may exist when compensation take place). There is limited/no information to be able to assess the size of the problem in the EU – and to assess to what extent hawala services exist in the EU.

Hawala payments show a large resemblance to remittances, except that the transfers take place between natural persons. As the service that they provide can be equated to remittance, the hawaladars, when operating from within the EU, should therefore be authorised under the Payment Services Directive to do so.

There are known risks to the use of Hawala payments. Reports from the US Treasury indicate that Hawala is known to be used for hiding cash flows that normally would be subject to VAT or other taxation rules on their other (import/export) business in the country where the Hawala dealer is operating. The manipulation of invoices is a very common means of settling accounts after the transactions have been made. A Hawala dealer manipulates the invoices on products that are shipped to the Hawala dealer abroad (under-invoicing). By doing so, it settles its debt following from the Hawala business and avoids tax payments. Vice-versa, by "over-invoicing" imported products, the Hawala dealer can arrange to be paid by the other Hawala dealer abroad for the payment that it has done to a beneficiary at the request of the Hawala dealer abroad.

The anonymity and minimal documentation of Hawala transactions has made it vulnerable to be used for illegal activities or money laundering purposes. There is a consensus that, in the wake of heightened international efforts to combat money laundering and terrorist financing, more should be done to keep an eye on IFT systems to avoid their misuse by illicit groups. This issue was lately discussed in the context of G7 FMs&CBGs Meeting in Washington D.C. on 20 April 2017.

Description of the risk scenario

Perpetrators are using hawala and informal transfers of funds to channel funds for ML/TF purposes. Perpetrators are attracted since hawala and similar illegal services do not ensure traceability of transactions / reporting of suspicious transactions. The system works via a system of net settlement over a long period of time using banking channels, trade or cash. Contrary to all other remittance systems, funds are not transferred for each and every transaction; Hawala uses net settlement. Also, within the Hawala network unique techniques are used:

-Bilateral settlement, the “reverse hawala” between two Hawaladars.

-Multilateral settlement, “triangular”, “quadrangular” or other between several Hawaladars part of the same network.

-Value settlement through trade transactions, usually applying TBML techniques (shipment of the equivalent value through trade transactions, such as merchandise or other commodities such as paying a debt or invoice of same value that they owe, over or under invoicing, double invoicing, Black Market Peso Exchange, etc.).

-Settlement through cash via cross-border cash couriers, banking and MSB channels.

Particular Hawala networks are created to serve exclusively criminal needs, by placing and layering criminal money and paying the equivalent value on demand elsewhere in the world. They are known to use the techniques described above. In addition to protect themselves they use these particular measures:

- Quick cash pick ups.

- Authentication via Token.

- Placement via cuckoo smurfing.

All these techniques are unique to the Hawala system and are all known red flag indicators of Hawala activities for EU LEAs.

Such particular Hawala networks – the Criminal Hawala, also follows a particular structure, composed of:

- Controllers or money Brokers – makes the deal with the OCGs for the collection of dirty cash and for delivery of its value on a chosen destination.

- Co-ordinators - an intermediary working for the Controller and managing different Collectors.

- Collectors – collects dirty cash from criminals and disposes of it.

- Transmitter - receives and dispatches the money obtained by the Collector (usually an MSB operator).

Threat    

N/A

Those IFT are considered as unregulated payment services under EU law; hence they are illegal within the EU. The size of the problem is not easily identified due to the lack of information.

According to Europol information, it seems associated to certain businesses (Travel agencies, pawn shops, mobile phones and, SIM cards sales, top-up of mobile cards, grocery stores, import/export business and various neighbourhood type of businesses as nail salons, hairdressers, beauty salons, flower shops) of certain ethnic communities (India, Afghanistan, Pakistan, Iran, United Arab Emirates, Somalia and China) that are extremely common in the EU. Europol is also aware of several multi-million EUR on-going money laundering investigations focusing on criminal Hawala.

Since there are no direct money/value flows between sender and receiver that LEAs can track or trace, tracing the money/value flow in a Hawala network is virtually impossible. Even if ledgers are seized, it is not possible to trace money/value flow since those ledgers are usually encrypted and are increasingly located on cloud servers located in non-cooperative jurisdictions. This opacity makes it attractive for perpetrators.

Vulnerability

N/A

Those IFT are considered as unregulated payment services under EU law; hence they are illegal within the EU. There is no specific vulnerability assessment for illegal services in the context of the SNRA

Mitigating measures

·The Commission services together with Europol and the ESAs will carry out an analysis of Informal Funds Transfer/Hawala in order to define the size of the problem and suitable measures to reduce the threat posed by these illegal activities.

Product

Payment services

Sector

Credit and financial sector

General description of the sector and related product/activity concerned

Payment services regulated by the Payment Services Directive (2007/64/EC) cover a wide variety of services. They range from cash deposits and withdrawals from bank and payment accounts (cash deposits are addressed in a separate fiche), money remittance (see separate fiche as well), the execution of payment transactions such as credit transfers, direct debit transactions and payments with credit and debit cards. A ‘payment transaction’ is defined as an act, initiated by the payer or on his behalf or by the payee, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and the payee.

Furthermore, PSD covers the issuing of payment instruments, such as debit and credit cards and the acquiring of payment transactions on the payee's side.

PSD does not regulate all payments. Payments in cash or paper cheque payments are not covered, and neither are payments sent through an intermediary of a telecom IT or network operator. They may however be regulated at national level by the Member States.

Recently, the PSD has been revised. The revised PSD, commonly referred to as PSD2, entered into force on 13 January 2016. With a transitional period of two years for Member States to implement the provisions, PSD2 will become applicable on 13 January 2018.

PSD2 will cover additional payment services which have emerged during the past years in the slipstream of the digitalization of the services. These services are referred to as payment initiation services (PIS). PIS allow consumers to pay for their online purchases by a simple credit transfer instead of a credit card payment (around 60% of the EU population does not have a credit card). The service provider can check if there are sufficient funds on the consumer's account balance to make the payment. It informs the merchant immediately that the payment order has been sent to the payer's bank, which will allow the web merchant to already ship the goods or render the service before the amount is booked on his account. PSD2 will cover these new payments addressing issues which may arise with respect to confidentiality, liability or security of such transactions.

The large majority of payments are done electronically. The total number of non-cash payments in the EU increased by 2.8% to 103.2 billion in 2014 compared to the previous year:

- payments with credit and debit cards accounted for 46% of all transactions,

- credit transfers accounted for 26% and direct debits for 21%,

- the number of direct debits in the EU decreased in 2014 by 6.6% to 21.9 billion,

- the number of credit transfers remained unchanged at 27.0 billion,

The number of cards with a payment function in the EU increased in 2014 by 0.9% to 766 million, with a total EU population of 509 million, this represented around 1.5 payment cards per EU inhabitant. The number of card transactions rose by 8.8% to 47.5 billion, with a total value of EUR 2.4 trillion. This corresponds to an average value of around EUR 50 per card transaction (Source: ECB, more information on the relative importance of each of the main payment services across EU countries in 2014 can be found in annex 1).

The tables below show the level of the share of card usage in total card and cash usage in 2011 (large bars in green and red) and the growth in the share of card usage in total card and cash usage over the three periods). Most of the EU countries saw a significant increase in the card use since 2011 until 2014, with a few exceptions of decreased usage in Portugal, Ireland, Luxembourg, Malta and Austria.

Retail payment systems

Retail payment systems in the EU have payments that are made by the public, with a relatively low value, a high volume and limited time-criticality. In 2014, 42 retail payment systems existed within the EU as a whole. During the year, almost 50 billion transactions were processed by those systems with an amount of EUR 38.3 trillion. 23 of these systems were located in the euro area, where they processed nearly 37 billion transactions in 2014 (i.e. 74% of the EU total) with a value amounting to EUR 27.2 trillion (i.e. 71% of the EU total).

Large-value payment systems

Large-value payment systems (LVPSs) are designed primarily to process urgent or large-value interbank payments, but some of them also settle a large number of retail payments. During 2014, 14 systems settled 749 million payments with a total value of EUR 682 trillion in the EU. The two main LVPSs in the euro area (TARGET2 and EURO1/STEP1) settled 145 million transactions amounting to EUR 541 trillion in 2014, i.e. 79% of the total value.

Payment service providers

Within the EU, not only credit institutions are allowed to provide payment services. In addition, electronic money institutions, post giro institutions and regional or local authorities where they do not act as public authorities can do so. In addition, with the adoption of PSD in 2007, a new entity has been introduced, the so-called payment institutions, which can only provide payment services and are not allowed to take deposits or issue e-money.

The introduction of payment institutions has increased competition in the payments market since 2009.

The large majority of payments are done electronically. The total number of non-cash payments in the EU, increased by 2.8% to 103.2 billion in 2014 compared with the previous year:

- card payments accounted for 46% of all transactions,

- credit transfers accounted for 26% and direct debits for 21%,

- the number of direct debits in the EU decreased in 2014 by 6.6% to 21.9 billion,

- the number of credit transfers remained unchanged at 27.0 billion,

The number of cards with a payment function in the EU increased in 2014 by 0.9% to 766 million, with a total EU population of 509 million, this represented around 1.5 payment cards per EU inhabitant. The number of card transactions rose by 8.8% to 47.5 billion, with a total value of EUR 2.4 trillion. This corresponds to an average value of around EUR 50 per card transaction (Source: ECB, more information on the relative importance of each of the main payment services across EU countries in 2014 can be found in annex 1).

The tables below show the level of the share of card usage in total card and cash usage in 2011 (large bars in green and red) and the growth in the share of card usage in total card and cash usage over the three periods). Most of the EU countries had a significant increase in the card use since 2011 until 2014, with few exceptions of decreased usage in Portugal, Ireland, Luxembourg, Malta and Austria.

The following table shows the ECB statistics of institutions providing payment services:

The majority of payment service providers still consist of credit institutions and the like.

As for the smaller players, EU wide (status 2012), there were 568 authorised payment institutions (APIs), 2,203 small payment institutions (SPSPs, payment institutions that are only allowed to provide payment service in the country where they have obtained a licence) and 71 e-money institutions. The distribution of payment institutions (APIs and SPSPs) is highly concentrated, in each case a few countries accounting for the vast majority of such institutions in the EEA. The UK accounts for 39.4% of all APIs in the EEA, and the UK together with Spain (8.1%), Italy (7.9%), Germany (6.5%), Netherlands (4.9%) and Sweden (4.3%) account for 71% of all APIs in the EEA. As for the SPSPs, 44.8% were registered in Poland, and 43.6% were registered in the UK. The UK also accounted for 42.2% of all e-money institutions in the EEA.

Description of the risk scenario

Perpetrators are using the banking and financial system to channel their funds through bank accounts, wire credit and debit transfers, (peer-to-peer) mobile payments and Internet-Based Payment Services

Threat    

Terrorist financing

The assessment of the TF threat related to payment services shows that account-based transactions are used by terrorists to store and transfer funds and to pay for the services or products needed to carry out their operations, in particular when processed through the internet. According to research on the financing of European jihadist terrorist cells, the formal banking system is one of the six methods most commonly used by terrorist groups. The majority of terrorist cells located in Europe have derived some income from legal sources – usually received through the formal banking system – and use bank accounts and credit cards both for their everyday economic activities and for attack-related expenses. Due to the account based elements terrorist groups' intent to rely on this risk scenario is more limited. However their capability to use it is quite high. Payment services allow cross-border transactions that may rely on different mechanisms of identification (depending on national legislations) that may lead the terrorists to use false identity. Thus, LEAs cannot track the originator or beneficiary of the transaction. It requires specific skills but, according to LEAs, these skills are commonly widespread within terrorist groups and do not constitute an obstacle (mobile/internet payments quite easy). The amounts concerned seem to remain, nevertheless, quite limited.

Conclusions: terrorist groups use payment services to finance terrorist activities. They rely on IT skills to circumvent identification requirements and do not need specific knowledge to access this channel which is rather attractive and secure. The amounts concerned remain nevertheless quite limited. In that context, the level of TF threat related to payment services is considered as significant (level 3).

Money laundering

The assessment of the ML threat related to payment services has been considered as presenting similarities with deposits on account /retail banking. This risk scenario concerns both placing funds and withdrawing funds (i.e. deposits on account and use of this account). It is frequently used by criminals but also by relatives/close associates and this extends the scope of the intent and capability analysis. The source of the funds used in payment services is coming from non-legitimate origin. It requires a bit of planning and knowledge of how banking systems work.

Conclusions: criminal group organisations use rather frequently this modus operandi which is easily accessible, although it requires some knowledge and planning capabilities to ensure that origin of funds is hidden. In that context, the level of ML threat related to payment services is considered as significant/very significant (level 3/4)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to payment services presents some commonalities with the assessment of TF vulnerability concerning retail payment services.

(a) risk exposure:

It is inherently high due to the characteristics of payment services. They involve very significant volumes of products and services. Although they are generally not anonymous (as they are linked to an identified account), they may interplay with very significant volumes of higher risk customers or countries, including cross-border movements of funds. They also interact with new payment methods (mobile/internet) which may increase the level of risk exposure because it implies, by definition, a non-face-to-face business relationship.

(b) risk awareness

The risk awareness is quite good due to the fact that the sector has put in place guidance to detect the relevant red flags on TF. This is confirmed by a good level of reporting, as the sector seems to have adequate tools to detect these risks. However, CDD and risk indicators are not always sufficient to detect a link to terrorist activities due to the legitimate origin of the funds. Competent authorities are also well aware about the vulnerabilities of the sector (see Egmont group project on ISIL) and are proactively engaged with the sector.

(c) legal framework and controls

Payment services are included in the AML/CFT legal framework at EU level. This framework is in place for many years and controls are considered globally as efficient. As far as the legal framework is concerned, it covers equally bank and payment institutions. Controls in place are nevertheless less efficient when dealing with payment institutions. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: although the risk exposure may be considered as quite high (significant level of transactions), the sector shows a good level of awareness to the risk vulnerability and is able to put in place the relevant red flags. The legal framework and controls are the basis of a good level of reporting. In that context, the level of TF vulnerability related to payment services is considered as moderately significant. (level 2)

Money laundering

The assessment of the ML vulnerability related to payment services presents some commonalities with the assessment of ML vulnerability related to retail services.

(a) risk exposure:

It is inherently high due to the characteristics of payment services. They involve very significant volumes of products and services. Although they are generally not anonymous (as they are linked to an identified account), they may interplay with very significant volumes of higher risk customers or countries, including cross-border movements of funds. They also interact with new payment methods (mobile/internet) which may increase the level of risk exposure because it implies, by definition, a non-face-to-face business relationship.

(b) risk exposure:

Competent authorities have noticed some discrepancies between banking and payment institutions, the latter being less aware of ML risks. Agents of payment institutions have, most of the time, an insufficient knowledge of AML rules, leading to a low level of CDD and weak controls (in particular due to lower human resources). The insufficient monitoring is present both at the opening of the payment account (entry point) and at the processing of the transaction.

(c) legal framework and controls:

Payment services are included in the AML/CFT legal framework at EU level. As far as the legal framework is concerned, it covers equally bank and payment institutions. The reliance on account-based transactions implies that the legal framework applies commonly to bank and not banks entities. This framework is in place for many years and controls are considered globally as efficient. Controls in place are nevertheless less efficient when dealing with payment institutions. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: the risk exposure and the risk awareness of the sector are quite similar to what happens in the retails services sector. As far as the legal framework is concerned, it covers equally bank and payment institutions. Controls in place are nevertheless less efficient when dealing with payment institutions. In that context, the level of ML vulnerability related to payment services is considered as moderately significant (level 2).

Mitigating measures

·The 4AMLD will reinforce CDD measures with regard to occasional transactions for funds transfer (threshold of EUR 1000 applicable for transfers of funds – which triggers CDD obligations).

For credit institutions:

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements

·The Commission will launch further analysis in order to identify risks and opportunities on FinTech/RegTech. The Commission FinTech Task Force will assess technological developments, technology enabled services and business models, will determine whether existing rules and policies are fit for purpose and will identify options and proposals to harness opportunities or address possible risks.

·The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed

·Updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in credit institutions should be provided by the ESAs. The Commission services will further analyse whether those guidelines allow the position of the AML/CFT – compliance officer to be sufficiently reinforced.

For financial institutions

·Member States should ensure that supervisors conduct a number of on-site inspections commensurate to the level of ML/TF risks identified. Those inspections should include a review of training carried out by agents of obliged entities.

·Member States' supervisors should carry out a thematic inspection in the MVTS sector within 2 years, except for those that carried out recently such thematic inspections. The results of the thematic inspections should be communicated to the Commission.

·In addition, competent authorities should provide further risk awareness and risk indicators relating to terrorist financing to the MVTS sector. The obliged entities should provide mandatory training to agents to ensure that they are aware about their AML/CFT obligations and how to detect suspicious transactions.

·Pending the application of 4AMLD, Member States should define a threshold below EUR 15 000 triggering CDD obligations in case of occasional transactions, which is commensurate to the AML/CFT risk identified at national level. A threshold similar to the one for occasional transactions for transfers of funds as defined in article 11(b)(ii) of 4AMLD is considered as commensurate to the risk (i.e. EUR 1000). In addition, Member States should provide guidance on the definition of occasional transactions providing for criteria ensuring that the CDD rules applicable to business relationship are not circumvented.

Product

Virtual currencies

Sector

Virtual currencies providers

General description of the sector and related product/activity concerned

Definitions

"Virtual currencies" means a digital representation of value that is neither issued by a central bank or a public authority, nor necessarily attached to a fiat currency, but is accepted by natural or legal persons as a means of payment and can be transferred, stored or traded electronically.

Various stakeholders are involved in the virtual currency market with the main ones being:

- User : a person or legal entity that obtains Virtual Currencies (VC) and uses it to purchase real or virtual goods or services, or to send remittances in a personal capacity to another person (for personal use), or who hold the VC for other purposes, such as an investment. Typically users can obtain VC in one of the following three ways:

·through an exchange (or, for most centralised VCs, directly from the entity governing the scheme) using Fiat Currencies (FC) or some other VC;

·engaging in specific activities, such as responding to a promotion, completing an online survey, ‘mining’ (running special software to solve complex algorithms to validate transactions in the VC system); and/or

·receiving VC from the scheme governing entity, the issuer or another user who is acting for purposes other than his or her trade, business or profession.

- Miners: in decentralised VC schemes, miners deliberately solve complex algorithms to obtain small amounts of VC units. Miners tend to operate anonymously, from anywhere in the world, and validate VC transactions. When a group of miners controls more than half the total computational power used to create VC units, the group is potentially in a position to interfere with transactions, for example by rejecting transactions validated by other miners. Miners group into pools of miners (Antpool, F2Pool, BitFury, BTCC Pool, BW.COM…). Currently, most miners are located in China.

- Wallet providers: users may hold their VC accounts on their own devices or entrust a wallet provider to hold and administrate the VC account (an e-wallet) and to provide an overview of the user’s transactions (via a web or phone-based service).

There 2 types of wallets providers:

·software wallets providers and

·custodial wallets providers (including multi-signature wallets).

Contrary to software wallet providers that provide applications or programs running on users hardware (computer, smartphone, tablet…) to access public information from a distributed ledger and access the network, custodial wallet providers include the custody of the user’s public and private key. Compared to traditional financial services, they are quite close to bank accounts. Wallets can be stored both online (‘hot storage’) and offline (‘cold storage’), the latter of which increases the safety of the balance by protecting the wallet.

- Exchange platforms: a person or entity engaged in the exchange of VC for fiat currency, fiat currency for VC, funds or other brands of VC. Exchanges may generally accept a wide range of payments, including cash, credit transfers, credit cards and other VCs. Comparable to traditional currency exchanges, the larger VC exchanges provide an overall picture of the changes in a VC’s exchange price and its volatility. Some exchanges may offer services to their clients, such as conversion services for merchants who accept VCs as payment, but fear a depreciation risk and would immediately like to convert any incoming VC-payments into a (national) fiat money of their choice.

Compared to traditional financial services, they are the "bureau de change" of the virtual currency world. ATMs are included under this category.

The VC market in the EU

Official data regarding the market is hard to reach. Based on various websites tracking volumes and prices of exchanges or conducting research, the following estimations could be given. Market players tend to provide lower estimates than the statistics found online. Hence, the following statistics should reflect a upper-level but balanced estimation:

Description of the risk scenario

ML: Perpetrators use virtual currency systems traded on the internet to transfer funds or purchase goods anonymously (cash funding or third-party funding through virtual exchangers).

TF: Virtual currency systems can be traded on the internet, are generally characterised by non-face-to-face customer relationships, and may permit anonymous funding or purchase (cash funding or third-party funding through virtual exchangers that do not properly identify the funding source). They may also permit anonymous transfers, if sender and recipient are not adequately identified.

Threat    

Terrorist financing

The assessment of the TF threat related to virtual currencies shows that terrorist groups may have some interest in using VCs to finance terrorist activities. A limited but increasing number of cases related to TF through VCs have been reported. Egmont group has identified virtual currencies as a tool by terrorist groups and terrorist groups are known to have given instructions on the internet (including via twitter) on how to use VCs. However, the technology is quite recent and in any case requires some knowledge and technical expertise which has a dissuasive effect on terrorist groups. The reliance on virtual currencies to fund terrorist activities has some costs and is not necessarily attractive.

Conclusions: LEAs have gathered some information according to which terrorist groups may use virtual currencies to finance terrorist activities. However, the use of virtual currencies requires technical expertise which makes it less attractive. Consequently, the level of TF threat related to virtual currencies is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to virtual currencies shows that organised crime organisations may use virtual currencies to have access to "clean cash" (both cash in/out). When used, virtual currencies allow organised crime groups to access cash anonymously and hide the transaction trail. They may acquire private keys of the e-wallets or obtain some cash from ATM. However, cases are quite rare at this stage and few investigations have been undertaken concerning this risk scenario. One of the reasons is that the reliance on virtual currencies to launder proceeds of crime requires some technical expertise. According to LEAs, the amounts of money laundered via virtual currencies are quite low, which tends to demonstrate that criminals' intent to use them is rather limited because this modus operandi is not considered as attractive enough (in particular because of the volatility of the virtual currencies' market). From a technical point, virtual currencies present some commonalities with e-money but the IT expertise at stake for virtual currencies means that organised crime would have lower capability to use them than e-money which is more widely accepted.

Conclusions: few investigations have been conducted on virtual currencies which seem to be rarely used by criminal organisations. While they may have a high intent to use due to VCs characteristics (anonymity in particular), the level of capability is lower due to high technology required. Consequently, the level of ML threat related to virtual currencies is considered as moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to virtual currencies providers shall take into account the fact that, currently, virtual currencies are not regulated in the EU and that the risks of being misused for TF purposes are only just emerging.

a) risk exposure:

When used anonymously, virtual currencies allow conducting transactions speedily and without having to disclose the identity of the "owner". By nature, given that they are provided through the internet, the cross-border element is the most prevailing one, increasing the risk to interact with high risk areas or high risk customers that cannot be identified. It is nevertheless important to mention that being currently a developing technology requiring IT skills and expertise, virtual currencies are not necessarily easy to use and the number of transactions is still quite low.

b) risk awareness: 

This component of the TF vulnerability is difficult to assess in a comprehensive manner due to the fact that virtual currencies providers are not regulated as obliged entities at European level at this stage. Evidently, at the moment there is no reporting from VCs providers which does not mean that the sector is not equipped to do so. Nevertheless, competent authorities and FIUs have noticed in their exchanges with the sector that, at this stage, the level of awareness to TF risk is rather low, even if the sector is asking for the adoption of an appropriate AML/CFT legal framework. The sector is not well organised yet and it is difficult to find adequate tools to provide relevant information to the sector in order to increase the level of awareness;

c) legal framework and controls: 

The lack of a legal framework is the most important element of vulnerability. In the current situation, VCs providers cannot be monitored and supervised. There are no common rules in the EU to ensure that VCs providers apply AML/CFT requirements. The international cooperation is non-existent. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: the most important element of vulnerability for virtual currencies providers is the fact that there are not regulated in the EU. They cannot be properly monitored and they cannot report suspicious transactions to FIU. The inherent risk exposure is also very high due to the features of the virtual currencies (internet, cross-border and anonymity). Finally, the sector is currently not organised well enough to receive guidance or relevant information on AML/CFT requirements. Consequently, the level of TF vulnerabilities related to virtual currencies is considered as significant/very significant (level 3/4).

Money laundering

The assessment of the ML vulnerability related to virtual currencies providers starts from the same caveat as for TF. They are not regulated in the EU and there is little evidence of VCs being misused for ML purposes. However, this does not impede an assessment of the potential vulnerabilities of this risk scenario. There are still few investigations leading to prosecutions but the risk exists and can be analysed.

a) risk exposure: 

Similarly to TF, when used anonymously, virtual currencies allow conducting transactions speedily and without having to disclose the identity of the "owner". By nature, given that they are provided through the internet, the cross-border element is the most prevailing one, increasing the risk to interact with high risk areas or high risk customers (darknet) that cannot be identified. At the stage of the conversion, the use of cash also becomes a new element of vulnerability. The delivery channels are decentralised which increases the risk exposure as well (in particular, ATM offer virtual currencies withdrawal or conversion process). It is nevertheless important to mention that being currently a developing technology requiring IT skills and expertise, virtual currencies are not necessarily easy to use and the number of transactions is still quite low.

b) risk awareness: 

Given the emerging technology concerned, the level of risk awareness from the sector is not granted. Nevertheless, the sector is more and more in need of a legal framework in order for the AML/CFT requirements to be applicable to virtual currencies. FIUs cannot detect and analyse the risk on the basis of the sole blockchain. They cannot identify the amount of funds stored in the wallet and the origin/beneficiary of the funds is also impossible to identify.

c) legal framework and controls: 

Again, similarly to TF, the lack of legal framework is the most important element of vulnerability. In the current situation, VCs providers cannot be monitored and supervised. There are no controls in place and no common rules in the EU to ensure that VCs providers apply AML/CFT requirements. The international cooperation is non-existent. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: the assessment of ML vulnerability presents commonalities with TF. The most important element of vulnerability for virtual currencies providers is the fact that there are not regulated in the EU. They cannot be properly monitored and they cannot report suspicious transactions to FIUs. The inherent risk exposure is also very high due to the features of the virtual currencies (internet, cross-border and anonymity). Finally, the sector is currently not organised well enough to receive guidance or relevant information on AML/CFT requirements. In that context, the level of TF vulnerabilities related to virtual currencies is considered as significant/very significant (level 3/4).

Mitigating measures

·The Commission proposed in its proposal for amending Directive (UE) 2015/849 that virtual currency exchange platforms as well as custodian wallet providers are added to the list of obliged entities under 4AMLD.

·The Commission would issue a report to be accompanied, if necessary, by proposals, including, where appropriate, with respect to virtual currencies, empowerments to set-up and maintain a central database registering users' identities and wallet addresses accessible to FIUs, as well as self-declaration forms for the use of virtual currency users.

·The Commission will continue to monitor in the context of the SNRA the risks posed by FinTech/RegTech, crypto-to-crypto currency exchanges, and use of virtual currencies for purchasing of high value goods.

Product

Credit loan

Sector

Credit and financial sector (including insurance companies)

Description of the risk scenario

Perpetrators repay business loans with criminal funds (including use of the credit card for repayments in order to legitimise sources of funds). Loans provide legitimacy to criminal funds.

Threat    

Terrorist financing

The assessment of the TF threat related to business loans shows that there few cases where terrorist organisations have used this scenario to collect funds. Business loans are not easily accessible to terrorist organisations because they do not fulfil the conditions to subscribe to this kind of products (level of salary too low, origins of funds coming from social benefits). There are also few cases where sanctioned entities (listed organisations) may try to use business loans to finance terrorist activities through shell companies. However, it requires a sophisticated level of expertise and knowledge.

Conclusions: considering that there is little evidence that criminals used/have the intention to use this modus operandi, the level of TF threat related to business loans is considered as lowly significant (level 1).

Money laundering

The assessment of the ML threat related to business loans shows that there are few indicators that criminals have the intention to exploit this risk scenario which is perceived as unattractive. Fake loans are most of the time part of fraud schemes (e.g. 2 companies subscribe to a fake loan and use a bank to process the transfer of funds) but are not necessarily use to launder proceeds of crime.

Conclusions: considering that there is little evidence that criminals used/have the intention to use this modus operandi, the level of ML threat related to business loans is considered as lowly significant (level 1).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to business loans has been considered in conjunction with ML schemes related to business loans. In that context, the TF vulnerability does not benefit from a separate assessment.

Conclusions: the level of ML vulnerability is considered as lowly significant (level 1).

Money laundering

The assessment of the ML vulnerability related to business loans shows that:

(a) the risk exposure: 

It is quite limited due to the nature of the product itself which implies high value loans that are not granted as easily as consumer credit. Business loans are not particularly exposed to high risk customers or high risk areas, and they are granted generally via secured channels.

(b) risk awareness: 

Financial institutions appear to be sufficiently aware of the risk of fraud that may arise in relation to business loans. They pay particular attention to the risk of forged documentation or fake identity, as they also need to be sure that they can recover the funds granted.

(c) legal framework: 

Business loans are covered by the AML/CFT framework at EU level. Controls in place are considered as consistent with the volume of transactions concerned.

Conclusions: the level of ML vulnerability is considered as lowly significant (level 1).

Mitigating measures

No further proposal is made at this stage

Product

Credit loan

Sector

Credit and financial sector

Description of the risk scenario

Terrorists/organised crime groups use "payday", consumer credit or student loans (short-term, low value but high interest) to fund plots. Loans are given for relatively low amounts allowing the access to funds, the sources for which are untraceable as long as the money is not transferred.

Terrorists/organised crime groups use cash withdrawals with credit cards: criminals withdraw cash with their own credit cards on an ATM, generating a negative balance on their accounts. They disappear with the funds without any intention to reimburse this "forced" credit.

Threat    

Terrorist financing

The assessment of the TF threat related to consumer credit and low value loans shows that this modus operandi is used by terrorist groups to finance travels of foreign terrorist fighters to high risk third countries. The most widespread product is the consumer credit. Low value loans are perceived as rather attractive and as not requiring necessarily a high level of expertise or planning. Nevertheless, and depending on national legislation, the expertise required may vary where specific documentation is needed. It implies that terrorist groups have the capacities to forge some documents.

Conclusions: consumer credit and low value loans are attractive for terrorist groups who have used/are using this modus operandi quite frequently. Certain legislative frameworks may impose specific conditions to acquire consumer credit or low value loans but this does not seem to constitute an obstacle for terrorist organisations. In that context, the level of TF related to low value loans is considered as significant (level 3).

Money laundering

The assessment of the ML threat related to low value loans has not been considered as particularly relevant. In that context, the ML threat is not part of the assessment.

Conclusions: non relevant

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to consumer credits/ low value loans shows that

(a) risk exposure:

From its characteristics, a consumer credit/low value loan does not expose the sector to high vulnerabilities. In general, low amounts are at stake (EUR 1000 is the most common amount), with no involvement of high risk customers or high risk countries. These products are generally granted to students or vulnerable people submitted to specific controls and checks by financial institutions.

(b) risk awareness:

This assumed low risk exposure is nevertheless overcome by the fact that, because of the small amounts, the sector is less aware of the TF risks. In addition, similarly to what has been analysed for the business loans, the risk awareness seems more oriented towards risks of fraud than risk of TF. Hence, the sector does not necessarily trigger any TF red flags. IT systems in place are not necessarily equipped to detect forged documents. Competent authorities consider, in addition, that the level of vulnerability depends on the structure which grants the loan: investigations have shown that consumer credit/low value loans funds are now proposed by phone companies which are not supervised for AML/CFT requirements. FIUs have also noticed that STRs are sometimes filed too late (e.g. when a large amount is withdrawn in one go) which makes furthering the investigations almost impossible as the presumed terrorist is already gone.

(c) legal framework and controls:

Consumer credits/low value loans are covered by the AML/CFT framework at EU level. However, national legislations differ a lot from one Member State to another, as far as the request for documents is concerned. Some Member States require specific documents while others do not. When the loan is granted by a bank, the risks are not necessarily completely mitigated because the funds from loans deposited on a bank account may be withdrawn via ATM with no control. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: while the volume of transactions and amounts at stake limit the risk exposure of the sector, it appears that the sector is not necessarily aware of the TF risks related to consumer credit/low value loans. The differences between national legislative frameworks show that the capacity of competent authorities and FIUs to detect suspicious transactions is limited, especially when loans are granted by non-financial entities. In that context, the level of TF vulnerability related to low value loans is considered as significant (level 3).

Money laundering

The assessment of the ML vulnerability related to low value loans has not been considered as particularly relevant. In that context, the ML threat is not part of the assessment.

Conclusions: non relevant

Mitigating measure

Competent authorities should put in place systems to allow obliged entities to detect forged documents.

Product

Mortgage credit

Sector

Credit and financial sector

Description of the risk scenario

In the case of money laundering, perpetrators disguise and invest proceeds of crime by way of real estate investment. Proceeds of crime are used for deposit, repayments and early repayment of asset.

In the case of terrorist financing, perpetrators use high value assets backed credit/mortgage loans (medium/long-term, high value with low interest) to fund plots. Loans are subscribed for relative high amounts to access funds which are untraceable as long as the money is not transferred.

Threat    

Terrorist financing

The assessment of the TF threat related to mortgage credit shows that this modus operandi is really difficult to use and to access by terrorist groups. There are few cases where terrorist organisations have used this scenario to collect funds. In addition, they are not attractive because they do not correspond to the needs of terrorist organisations. It requires sophisticated knowledge and technical expertise to be able to produce complex documentations. In addition, it is not attractive because the inherent nature of mortgage credit is to give access to funds to a third party, so it does not allow an easy and speedy access to funds by terrorist organisations, unless complicity has been built with this third party.

Conclusions: mortgage credit requires a high level of knowledge and expertise to understand the product and to provide the relevant documentation (forged documents). It is not attractive due to the fact that it implies the complicity of a third party, beneficiary of the funds. In that context, the level of TF threat related to mortgage credit is considered as lowly significant (level 1).

Money laundering

The assessment of the ML threat related to mortgage credit shows that organised crime organisations have frequently used this modus operandi. They are well equipped to provide false documentation and the structure of the mortgage (third party) assists in hiding the real beneficiary of the funds. It constitutes an easy way to commit fraud because it may lead to the ownership of several pieces of properties to hide the volume of assets.

Conclusions: in the ML context, mortgage credit is a vehicle favoured by criminal organisations. It allows hiding the volume of assets and the beneficial ownership. It requires a moderate level of expertise. Consequently, the level of ML threat related to mortgage credit is considered as significant (level 3).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to mortgage credit shows that this product is not vulnerable to TF risks because few or even no cases were found by LEAs. The risk awareness of the sector is quite low but this does not mean that the risk is unknown, but that it is unlikely and that red flags are adequate in case of suspicion of fraud.

Conclusions: moderately significant (level 2)

Money laundering

The assessment of the ML vulnerability related to mortgage credit shows that:

(a) risk exposure:

Mortgage credit is not exposed to an inherent high exposure to ML risks because, even if it involves high amounts, the financial transaction is executed through secured channels (credit institutions). It may be exposed to high risk customers (e.g. PEPs), and could involve cross-border transfers of funds.

(b) risk awareness:

Credit institutions are well aware about the ML risks - awareness which takes into account the fact that AML controls are exercised by different obliged entities who are engaged at different stages of the real estate purchase-loan approval process (credit institutions, mortgage brokers, real estate agents, notaries, lawyers). This is less the case when mortgage credit involves the real estate sector. The risk awareness is quite good due to the fact that the sector has put in place guidance to detect the relevant red flags on ML. This is confirmed by a good level of reporting. FIUs and LEAs are also well aware about the vulnerabilities of the sector.

(c) legal framework and controls: 

Mortgage credit is included in the AML/CFT framework at EU level. Controls in place are considered as rather efficient when the mortgage credit is provided by credit institutions. However, when a real estate agent is concerned, the controls in place are less efficient. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: when provided by banks, mortgage credit products are as vulnerable as retail banking. However, most of the time, the interaction with the real estate sector makes the vulnerabilities higher. In that context, the level of ML vulnerability related to mortgage credit is considered as moderately significant (level 2).

Mitigating measures

·The Commission proposed to reinforce the Directive (EU) 2015/849 by putting forward targeted amendments as presented in the Commission's proposal adopted in July 2016 (see COM(2016)450):

(i) broadening the scope and reinforcing accessibility of beneficial ownership information for legal entities and legal arrangements. This will also include interconnection of beneficial ownership registers at EU level.

(ii) clarifying explicitly that electronic identification means as set out in Regulation (EU) No 910/2014 ("e-IDAS") can be used for meeting CDD requirements

·The Commission will launch further analysis in order to identify risks and opportunities on FinTech/RegTech. The Commission FinTech Task Force will assess technological developments, technology enabled services and business models, will determine whether existing rules and policies are fit for purpose and will identify options and proposals to harness opportunities or address possible risks.

·The Commission will carry out a study mapping and analysing on-boarding bank practices across the EU and any next steps will be assessed 

·Updated guidelines on internal governance further clarifying expectations with regard to the functions of the compliance officer in financial institutions should be provided by the ESAs. The Commission services will further analyse whether those guidelines allow the position of the AML/CFT – compliance officer to be sufficiently reinforced.

·Member States should ensure that competent authorities/self-regulatory bodies supervising real estate sector produce an annual report on supervisory measures put in place to ensure that the sector accurately applies its AML/CFT obligations, in particular related to the check of source of funds (mortgage credits). When receiving suspicious transaction reports, self-regulatory bodies shall report annually on the number of reports filed to the FIUs.

Product

Life Insurance

Sector

Insurance sector

General description of the sector and related product/activity concerned

Life insurance companies offer a range of investment products, which include life insurance benefit as a component. The products can be structured as unit linked, or index linked products or other products with or without guarantees from the insurance company.

According to the ECB statistical database the total assets of Insurance Corporations in the Euro area as at September 2015 were reported EUR 7022 billion 14 .

According to data published by Insurance Europe, in 2015, European life premiums amounted to EUR 73 billion 15 .

In addition to the AML Directive, specific provisions are aimed at mitigating risks shown by life insurance used as an investment vehicle. Article 59 Directive 2009/138/EC (Solvency2) and Article 323 Commission Delegated Regulation (EU) 2015/35 require an assessment whether there are reasonable grounds to suspect that, in connection with the qualifying holding of the shareholder or members having a qualifying holding in the special purpose vehicle, money laundering or terrorist financing is being or has been committed or attempted, or that the qualifying holding could increase the risk thereof.

Description of the risk scenario

Perpetrators are using fraud to life insurance products to fund their activities. Early redemption life policies to receive lump sums, particularly where product can be transferred

Money laundering and terrorist financing risks in the insurance industry may be found in life insurance and annuity products. Such products allow a customer to place funds into the financial system and potentially disguise their criminal origin or to finance illegal activities. Relevant risk scenarios are typically focussed on investment products in life insurance (and not on death benefit products as such). The risks may arise or materialise through one or more of the following:

1. An insurer* accepts premium payment in cash.

2. An insurer refunds premiums upon policy cancellation or policy surrender to an account other than the source of original funding.

3. An insurer does not perform KYC due diligence in general and the source of investments in particular.

4. An insurer sells transferable policies (which are uncommon).

5. Investment transactions involve trusts, mandate holders, etc.

6. An insurer sells tailor made products, where the investor dictates the underlying investment or portfolio composition.

7. An insurer may sell a small investment policy initially; where the investor has the opportunity to make further large investment without additional KYC due diligence.

The risk of terrorist financing exists in 2, 4 and 6 above for direct and indirect financing of terrorist operations.

The risk of money laundering exists in all of the above. Perpetrators would use risk scenarios (1, 6 and 7) for placement, (2 and 4) for layering and (2, 4, 6 and 7) for integration.

*In all of the above examples, the process may involve the insurers or its agent or an intermediary. For simplicity of presentation, we will use the term "insurer".

Threat    

Terrorist financing

The assessment of the TF threat related to life insurance shows that terrorist groups have vague intentions to use this modus operandi. It requires specific knowledge of the product and its specificities. Life insurance contracts are not easily accessible and require a lot of documentation to support the request which is quite dissuasive and less attractive for terrorist groups. One case can be considered: when life insurance is subscribed by foreign terrorist fighters who ask for the redemption of the life insurance funds for the benefit of their family in case of suicide or war. However, legislations in place in Member State do not allow this type of clause, which make the risk less important.

Conclusions: LEAs have limited evidence on life insurance misused for TF purposes. It requires knowledge and planning expertise which make this modus operandi rather unattractive. In that context, the level of TF threat related to life insurance is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to life insurance shows that organised crime organisations can use this modus operandi but it requires complex architecture to hide proceeds of crime (bank account wrapped in an insurance policy; multiple accounts in tax haven and loaded in cash, and used as guarantee to ask for a credit loan and then money sent to life insurance policy). Cases exist but they are few, and they require sophisticated planning and knowledge to make the life insurance a viable option.

Conclusions: some case of life insurance abused for ML purposes have been identified but most of the time, they are the result of sophisticated schemes. In that context, the level of ML threat related to life insurance is considered as moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to life insurance shows that

(a) risk exposure: 

When misused, life insurance is mostly used to place funds anonymously than to withdraw them. However, the risk exposure seems rather limited given the amount of transactions concerned.

(b) risk awareness: 

The sector seems quite unaware about TF risks. STRs are most of the time sent quite late in the process, because life insurers tend to wait for the withdrawal of the funds to consider whether or not there is a suspicion.

(c) legal framework and controls: 

Life insurance is included in the AML/CFT framework at EU level. New risks and opportunities may emerge with FinTech/RegTech.

Conclusions: risk awareness from the sector is low while the risk exposure is quite high. However, cases at stake are very limited and due to the limited attractiveness of the product, the level of TF vulnerability related to life insurance is considered as lowly significant/moderately significant (level 1- 2).  

Money laundering

The assessment of the ML vulnerability related to life insurance shows that :

(a) risk exposure: 

When misused, life insurance is mostly used to place funds anonymously than to withdraw them. However, the risk exposure seems rather limited given the amount of transactions concerned.

(b) risk awareness: 

The sector is well aware about the ML risks.

(c) legal framework and controls: 

Services are most of the time provided through bank accounts. Accurate controls generally apply for this type of products.

Conclusions: life insurance is currently well framed and the sector seems quite aware about the risk of ML abuses. The controls in place are correctly implemented. In that context, the level of ML vulnerability related to life insurance is considered as lowly/moderately significant (level 1-2). When life-insurance products are used as investment product for wealth management or other investment services, the respective risk level should be considered.

Mitigating measures

No further proposal is made at this stage

Product

Non-Life Insurance

Sector

Insurance sector

General description of the sector and related product/activity concerned

According to the EBA statistical database the total assets of Insurance Corporations in the Euro area as at September 2015 were reported EUR 7022 billion*.

*Further breakdown by sub-activity is not available, but not essential from the perspective of AML/ATF.

According to data published by Insurance Europe, in 2015, the largest non-life insurance market, motor insurance, totalled EUR132 billion in premiums, followed by health insurance with EUR119.3bn and property insurance market with EUR93 billion, accident insurance EUR32 billion and general liability insurance with EUR33.8 billion.%

Description of the risk scenario

Perpetrators are using fraud to insurance products to fund their activities (work place insurance, car insurance…)

ML in non-life insurance can occur within the context of, and as the motive behind, insurance fraud, for example where this results in a claim to be made to recover part of the invested illegitimate funds. Relevant risk scenarios are typically focussed on high frequency premiums and cancellations. The risks may arise or materialise through one or more of the following:

1. An insurer* accepts premium payment in cash.

2. An insurer refunds premiums upon policy cancellation or policy surrender to an account other than the source of original funding.

The risk of money laundering exists in all of the above. ML intent is to use the scenario 1 for placement and scenario 2 for layering/integration.

*In all of the above examples, the process may involve the insurer or its agent or an intermediary. For simplicity of presentation, we will use the term "insurer".

Similarly the risk of terrorist financing relates to insurance fraud to get access to sources of revenues for terrorist activities. Such schemes materialised in work place insurance and car insurance for instance.

Threat    

Terrorist financing

The assessment of the TF threat related to non-life insurance (e.g. cars or workplaces) presents similarities with the assessment of the TF related to life-insurance. It is difficult to say that this modus operandi does not have any relevance but it requires, nevertheless, some planning and large paper trails which makes it not really attractive for terrorist groups, although some evidence has been gathered during the terrorist attacks. However, for sake of comparability, it presents the same level of TF threat.

Conclusions: LEAs have limited evidence on non-life insurance misused for TF purposes. It requires knowledge and planning expertise which make this modus operandi rather unattractive. In that context, the level of TF threat related to non-life insurance is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to non-life insurance (e.g. cars or workplaces) shows that, unlike TF, ML abuses of non –life insurance require sophisticated schemes which make the risk scenario not secure or attractive enough. LEAs have no specific evidence that non-life insurance has been used to launder proceeds of crime.

Conclusions: non-life insurance is not used for ML purposes as it requires planning and expertise which make this modus operandi rather unattractive. In that context, the level of ML threat related to non-life insurance is considered as lowly significant / non relevant (level 1).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to non-life insurance (e.g. cars or workplaces) shows that two cases may occur: (i) undeclared work in motor vehicles retails/ fraud on car insurances: funds coming from the fraud are sent by cash transfers; (ii) burning of cars to obtain insurance redemption.

(a) risk exposure: 

The risk exposure is limited due to the fact that it necessarily concerns huge amounts of funds and that funds shall be accessed, with prior identification.

(b) risk awareness: 

Generally speaking, non-life insurance is more vulnerable than life insurance because the sector is not necessarily aware about these risks (CDD are implemented and there is no record keeping) or does always trigger specific red flags on TF or ML. Insurance issuers tend to pay more attention at the moment of the pay-out, when the risk is perceived as bigger.

(c) legal framework and controls

Non-life insurance is not covered by the AML/CFT framework at EU level. Where Member States have put in place some regulations, controls seem to work adequately, including with systems of self-declarations.

Conclusions:. In many Member States, the legal frameworks in place have triggered some controls and have raised awareness within the sector. However, there are still some weaknesses in the detection of suspicious transactions and reporting. In that context, the level of TF vulnerability related to non-life insurance is considered as moderately significant (level 2).

Money laundering

The assessment of the ML vulnerability related to non-life insurance (e.g. cars or workplaces) shows that

(a) risk exposure:

Most of the time, non-life insurance is misused for ML purposes in a broader context of fraud (fake investment, empty shell).

(b) risk awareness:

The implementation of CDD is not widespread within the EU, but when Member States have an AML framework in place for non-life insurance, they notice that obliged entities tend to not apply any CDD at all. However, considering the number of cases concerned, there is no evidence that such weakness may increase the risk of ML

(c) legal framework and controls

There are no EU requirements to include non-life insurance in the scope of AML/FT. The non-life insurance framework depends on national legislations.

Conclusions: few cases on non-life insurance misuses for ML purposes have been identified. Most of the time, they are part of a broader fraud-scheme. In that context, the level of ML vulnerability related to non-life insurance is considered as lowly vulnerable (level 1)/ non relevant.

Mitigating measures

No further proposal is made at this stage

Product

Safe custody services

Sector

Credit and financial sector and private security companies

Description of the risk scenario

Perpetrators rent multiple safe custody services (commercial or banking ones) to store large amounts of currency, monetary instruments, or high-value assets awaiting conversion to currency, for placement into the banking system. Similarly, a perpetrator establishes multiple safe custody accounts to park large amounts of securities awaiting sale and conversion into currency, monetary instruments, outgoing funds transfers, or a combination thereof, for placement into the banking system. Free zones may be used as shelter for illicit activities including proceeds from criminal activities.

Threat    

Terrorist financing

The assessment of the TF threat related to safe custody services has not been considered as relevant. In that context, the TF threat is not part of the assessment.

Conclusions: non relevant

Money laundering

The assessment of the ML threat related to safe custody services shows that this risk scenario presents the specificity that the value is stored and not necessarily converted. Then, it may not be financially attractive. However, it represents the possibility to hide proceeds of crime without any possibility to be detected. These "dormant" deposit's systems are, according to LEAs, increasingly used to safe deposits and to take assets out of the financial system. Exact data are nevertheless difficult to get because such safe custody services are also used for relatives. This constitutes an additional element to the ML threat considering that the person who has deposited funds is not necessarily the same who will withdraw them. The access by other persons to the funds increases the level of threat. It is also worth mentioning that market players other than banks are also providing such services (storage facilities) which extend the scope of tools available to criminal organisations. This also contributes to increase the level of threat.

Conclusions: many Member States have noticed an increasing trend in the use of the modus operandi by criminal organisations to hide proceeds of crime. Safe custody services are rather attractive because they do not require specific expertise and are a fairly secure tool to escape tax or AML controls. In that context, the level of ML threat related to safe deposits is considered as significant (level 3).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to safe custody services has not been considered as particularly relevant. In that context, the TF vulnerability is not part of the assessment.

Conclusions: non relevant

Money laundering

The assessment of the ML vulnerability related to safe deposits shows that a distinction shall be done between services provided by credit institutions and those provided by non-banks entities (storage facilities).

(a) risk exposure:

In both cases, the risk exposure is high because large sums of cash may be at stake. This level of risk exposure may be increased by the nature of customers involved (high risk customers).

(b) risk awareness:

Concerning safe custody services provided by credit institutions, basic CDDs apply. Competent authorities are sometimes engaged in a proactive approach with the sector. Banks remain nevertheless vulnerable with regard to the "content" of the safe deposits boxes. Most of the time, they have no information on the funds placed in the safe deposits. In the case of private companies delivering such services, they do not all comply with AML/CFT requirements and some of them allow the rental of safe deposits with cash. Another question is whether the risk of ML occurs at the time of the storage already or only once the funds are inserted in the real economy. From a law enforcement perspective, the more the funds are stored, the easier the anonymity of the transaction is.

(c) legal framework and controls

Safe custody services or free zones shelters are not included, as such, in the AML/CFT legal framework at EU level. However, safe custody services provided by credit and financial institutions are included in the framework applicable to those obliged entities. Undertakings carrying out safe custody services as listed in point (14) of Annex I of Directive 2013/36/EU are specifically subject to AML/CFT rules. However financial institutions may not be in a position to carry out in practice their monitoring obligations and assessing the source of funds since they are not aware of the content of safe deposit boxes. In addition, this does not cover commercial storage companies or other storage facilities that may be used for similar services. In some countries, certain storage/safe services in general are regulated and supervised as such.

Conclusions: when provided by credit and financial institutions, safe custody services are subject to CDD requirements and controls. However, it is not always possible to understand exactly the source of funds and ongoing monitoring may have a blind spot since the content is usually unknown to the financial institution. In addition, these safe deposits may be accessible to third parties other than the initial customer which increases the vulnerability. The market is fragmented with the emergence of private entities and other commercial storage/safe services. In that context, the level of ML vulnerability is considered as moderately significant/significant (level 2-3).

Mitigating measures

·Member States should provide that credit and financial institutions offer safe custody services only for holders of a bank account in the same obliged entity – and address appropriately risks posed by access by third parties to safe deposit boxes. Member States should define measures commensurate to the risk posed by non-financial safe deposit providers, including in freeports, depending on the national circumstances.

Product/Service

Creation legal entities and legal arrangements

Sector

Trust or company service providers (TCSPs), Legal professionals, Tax advisors/accountants/auditors, Providers of service related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking = "professional intermediaries"

General description of the sector and related product/activity concerned

TCSPs, legal professionals, tax advisors/accountants and providers of services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking provide a wide range of services to individuals and businesses for commercial undertakings and wealth management.

According to the Directive 2005/60/EC, obliged entities shall identify the beneficial owner when entering into a business relationship and taking risk-based and adequate measures to verify the identity of the beneficial owners as defined in Article 3(6).

In addition to AML legislation, the following EU company law directives lay down general rules on setting up limited liability companies, especially with regard to capital and disclosure requirements.

· Directive 2009/101/EC   covers the disclosure of company documents, the validity of obligations entered into by a company, and nullity. It applies to all public and private limited liability companies. It replaces Directive 68/151/EEC (the 1st Company Law Directive). The current consolidated version includes amendments introduced by Directive 2003/58/EC (now repealed) and Directive 2012/17/EU.

· Directive 2012/30/EU   covers the formation of public limited liability companies and rules on maintaining and altering their capital. It sets the minimum capital requirement for EU public limited liability companies at EUR 25 000. It replaces Directive 77/91/EEC (the 2nd Company Law Directive). The consolidated version includes amendments introduced by Directive 2006/68/EC and Directive 2009/109/EC.

· Directive 89/666/EEC   (the 11th Company Law Directive) introduces disclosure requirements for foreign branches of companies. It covers EU companies which set up branches in another EU country or companies from non-EU countries setting up branches in the EU.

· Directive 2009/102/EC   (the 12th Company Law Directive) provides a framework for setting up a single-member company (in which all shares are held by a single shareholder). It covers private limited liability companies, but EU countries may decide to extend it to public limited liability companies. It replaces Directive 89/667/EEC.

The rules on formation, capital and disclosure requirements are complemented by accounting and financial reporting rules . 

Listed companies must also meet certain transparency requirements.  

Description of the risk scenario

Perpetrators create complex structures involving many jurisdictions, in particular offshore jurisdictions with secretive chains of ownership where the owner of another company or another legal structure is registered elsewhere. Nominees are designated and will only appear to be in charge of the company by hiding the link with the true beneficial owner. By involving offshore companies, the perpetrators can stay anonymous, return the funds derived from criminal activity into the legal economy, and commit tax fraud, tax evasion and other activities that impair the state budget or conceal the sources of the funds.

This involves the creation of 'opaque structures', defined as structures where the true identity of the owners(s) of entities and arrangements in that structure is concealed through the use of nominee directors for instance. In such cases, it is the nominee director who only appears to be the beneficial owners of the company 16 . These schemes make use of offshore jurisdictions which attract significant investments increasing by 7% in 2014 to reach 11 trillion USD 17 .

General comment (where relevant)

For this risk scenario, the assessment covers legal entities such as companies, corporate structures, foundations, associations, non-for-profit organisations, charities and similar structures. It also covers legal arrangements such as trusts or other legal arrangements having a structure or functions similar to trusts (e.g. fiducie, treuhand, fideicomiso …). The risk assessment relates to the nature of the activity and not the structure as such. This approach does not deny the specific nature of legal entities versus legal arrangements (the latter does not have legal personality and remains basically a contractual relationship). However, as far as the nature of the service concerned (here the creation of the structure), these specificities do not make any key difference: legal entities and legal arrangements can be used the same way for hiding the true beneficial owners. Perpetrators favour a type of structure depending on the legal environment of a given jurisdictions, the perpetrators' type of expertise and convenience purposes. The creation is easily accessible by organised crime organisations for all these structures. In all cases, these structures could be vehicles used to create opaque and complex schemes which make it more difficult to identify the real owner and the real origin of the funds.

Threat    

Terrorist financing

Perpetrators have an intent for setting up opaque structure which is needed for instance to circumvent restrictive measures in place. The assessment of the TF threat related to the creation of legal entities and legal arrangements shows that terrorist organisations may have some difficulties creating such kind of structures as these terrorist organisations are most of the time on sanctions list. The more the terrorist organisation wants to hide its beneficial ownership identity, the more sophisticated the process needs to be. Knowledge of both domestic and international regulatory and taxation rules are required to create these structures which entail a high level of knowledge that can be provided only by professional intermediaries. Nevertheless, some simplest cases have been identified by LEAs and FIUs, through the use of bank accounts and professional intermediaries which allow the easy and fast creation of structures that may help gathering cash to finance terrorist activities. Thus, from the point of view of the capability, the creation of legal entities and legal arrangements can be considered as relevant for TF threat although a limited number of TF cases have been reported by law enforcement

Conclusions: while few cases of exploitation of this modus operandi for TF purposes have been identified, the technical expertise and knowledge required is high, and may thus dissuade terrorist organisations which may prefer simpler and more accessible solutions. In this context, the level of TF threat related to the creation of legal structures is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to the creation of legal entities and legal arrangements shows this tool is mainly and even quite exclusively used to hide and obscure the beneficial ownership. From the point of view of the costs, setting up a legal entity or a legal arrangement is rather straightforward and may be undertaken online. Some costs or higher level of expertise/planning may be required if the criminal organisations rely on intermediaries to create more complex structures, for instance involving more than one jurisdictions in order to better hide the true identities of the owners. Knowledge of domestic and international regulatory and taxation rules are required to create these structures which entail a high level knowledge that can be provided only by professional intermediaries. However, as far as the creation of the structure itself is concerned and as long as the use of intermediaries may suffice to hide the beneficial ownership, the use of this modus operandi is considered as an attractive and fairly secure way to launder proceed of crime. In addition, FIUs and LEAs consider that this modus operandi is recurrently used by criminal organisations.

Conclusions: although the creation of legal entities or legal arrangements cannot be isolated from the business activity itself, this risk scenario is considered as a lucrative tool to lauder proceeds of crime. In that context, the level of ML threat related to the creation of legal structures is considered as significant/very significant (level 3/4).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to the creation of legal entities or legal arrangements shows the following characteristics:

(a) risk exposure:

The main aspect of the risk exposure relates to the fact that legal entities and legal arrangements may, in certain circumstances, easily be created remotely and with no specific identification requirement (through unsecured delivery channels). In that context, the process may be fully anonymous and professional intermediaries may unwittingly be misused by terrorist groups located in high risk areas to create a structure with no legitimate purpose. In other situations, the non-face-face creation of the structures may involve professional intermediaries who are located outside the EU. In that case, the entry point to identify who the beneficial owner is remains the financial institution in charge of opening the bank account. Finally, some intermediaries or third parties may provide dedicated services to hide the beneficial ownership, impacting the whole profession which may be considered as complicit in the setting up of these TF schemes.

(b) risk awareness

In general, professional intermediaries seem to be aware about the risk of being misused by illegitimate requests to create legal entities and legal arrangements. The risk that these structures could be used to hide the beneficial owner is well known. However, given that in the TF context the creation of legal entities and legal arrangements may still rely on legitimate money, red flags are not triggered appropriately. Several professional sectors may be involved in the creation of these structures and competent authorities are not always able to deliver proper guidance to these professional sectors.

(c) legal framework and controls

Accountants, auditors, tax advisors and legal professionals (since 2001), TCSPs (since 2005) and services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking (since 2005) are subject to the EU anti-money laundering requirements.

Based on the level of STRs, competent authorities consider that controls in place are really low and elements gathered at the beginning of the business relationships are not developed enough to detect and analyse the TF risks related to the creation of legal entities or legal arrangements.

EU Members have different regulatory and taxation regimes that may be exploited by terrorist organisations. Enforcement of the requirements related to the identification of the beneficial owner at the beginning of the business relationship remains still an important challenge for obliged entities concerned and constitutes at this stage a gap in many EU AML/CFT regimes.

Concerning services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking, there is no information concerning their supervision by competent authorities and whether or not they comply with AML/CFT requirements.

Conclusions: although this modus operandi is not necessarily the one most used for terrorist financing, the TF vulnerability related to creation of legal structures is considered as significant/very significant (level 3/4).

Money laundering

The assessment of the ML vulnerability related to the creation of legal entities and legal arrangements shows that:

(a) risk exposure:

The main aspect of the risk exposure relates to the fact that legal entities and legal arrangements may, in certain circumstances, easily be created remotely and with no specific identification requirement (through unsecured delivery channels). In that context, the process may be fully anonymous and professional intermediaries may unwittingly be misused by criminal organisations located in high risk areas to create a structure with no legitimate purpose. In other situations, the non-face-face creation of the structures may involve professional intermediaries who are located outside the EU. In that case, the entry point to identify who the beneficial owner is remains the financial institution in charge of opening the bank account. Finally, some intermediaries or third parties may provide dedicated services to hide the beneficial ownership, impacting the whole profession which may be considered as complicit in the setting up of these ML schemes.

(b) risk awareness:

Both TCSPs and legal professions/tax advisors seem to be aware about the risk of illegitimate requests to create legal entities and legal arrangements. The risk that these structures could be used to hide the beneficial owner is well known. However, there are still important shortcomings in terms of enforcement. This is the case when several obliged entities are involved in the creation of structures and where the application of CDD, including who the beneficial owner is, relies on the financial sector which is not always well equipped to face situations where the beneficial owner is voluntarily hidden. There are also important shortcomings in terms of understanding, by the obliged entities, of their AML obligations or even knowledge of these obligations. This is particularly true for the use of common law legal arrangements, like trusts, which are not familiar to civil law countries and are not known in their national law or used as investments/business vehicles. Guidance and applicability of CDD is often not available in these civil law jurisdictions on how AML requirements should be applied to such legal arrangements.

The risk awareness of services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking is impossible to assess as there is no information available concerning whether or not they apply the AML/CFT requirements

(c) legal framework and controls

Legal framework: Accountants, auditors, tax advisors and legal professionals (since 2001), TCSPs (since 2005) and services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking (since 2005) are subject to the EU anti-money laundering requirements.

The current EU legal framework (3rd AMLD) requires the identification of the beneficial owner before entering into a business relationship but does not impose any requirement on the legal entity or the legal arrangement itself to disclose spontaneously its beneficial owner at the time of the creation – although other disclosure requirements exist for EU companies according to company law legislation.

EU Members have different regulatory and taxation regimes that are exploited by criminal organisations. These organisations may take advantage of more lenient AML/CFT frameworks concerning the identification of beneficial owners of legal entities and arrangements or of national regimes that do not provide for personal or corporate income tax.

Controls: In the absence of any EU requirement to disclose who the beneficial owner is at the time of the creation of the structure, in particular for complex structures covering many jurisdictions, controls are either not effective or do not exist, which means that opaque structures can be easily created to hide illegitimate funds. In addition, in several situations, competent authorities and FIUs have noticed the involvement of off-shore jurisdictions where the ability of LEAs to conduct investigations depends on the existence of MLA agreements with these jurisdictions. The consequence is that as long as there is no MLA agreement, the process to identify the beneficial ownership is hampered.

IT tools have been put in place to allow the creation of corporate structures in a speedy and anonymous way. In the case of legal arrangements, some of them can be contracted in a very informal way which creates additional obstacles for the controls.

As far as services offering advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking, there is no information concerning their supervision by competent authorities and whether or not they comply with AML/CFT requirements.

Conclusions: the ML risk exposure surrounding the creation of legal entities or legal arrangements is considered as significant due to the level of anonymity and the characteristics of the customers and areas involved. The risk awareness of professional intermediaries seems theoretically rather satisfactory but it is not confirmed by the number of STRs which remains very low. There is a lack of robust AML/CFT framework in many Member States and relevant rules do not seem correctly understood. The legal framework is not adapted to the risk (beneficial ownership identification ex-post and not prior to the creation of the structure) and the controls are inexistent. In that context, the ML vulnerability related to the creation of legal entities, legal arrangements and non-profit organisations/charities is considered as significant/very significant (level 3/4).

Mitigating measures

1) for competent authorities/self-regulatory bodies

·Member States should ensure that competent authorities/self-regulatory bodies provide training sessions and guidance on risk factors with specific focus on non-face-to-face business relationships; off-shore professional intermediaries or customers or jurisdictions; complex/shell structures

·Member States should ensure that self-regulatory bodies/competent authorities conduct thematic inspections on how beneficial owner identification requirements are implemented

·Annual reports on the measures carried out to verify compliance by these obliged entities with their obligations related to customer due diligence, including beneficial ownership requirements, suspicious transaction reports and internal controls should be provided by competent authorities/self-regulatory bodies to Member States

·Member States should put in place some mechanisms to ensure that the creation of structures should be carried out under control of a professional (obliged entity), who should have to develop their due diligence.

·Member States should put in place some mechanisms allowing competent authorities and FIUs to identify the situations where:

(i) for legal entities: obliged entities have identified the senior manager as the beneficial owner, instead of the natural person who ultimately owns or controls the legal entity through direct or indirect ownership. In such case, obliged entities should keep record of any doubt that the person identified is the beneficial owner.

(ii) for legal arrangements: obliged entities should identify cases where the settlor, trustee, protector, beneficiaries or any other natural person exercising ultimate control over the trust involve one or several legal entities. In such cases, the obliged entities should also identify the beneficial owner of these legal entities.

·Member States should put in place mechanisms to ensure the information held in central beneficial ownership register is verified on a regular basis. For this purpose, a national authority should be designated to collect and check the information on the beneficial owner. This national authority should receive from obliged entities any discrepancy that would be found between the beneficial ownership information held in the registers and the beneficial ownership information collected as part of their customer due diligence procedures. Where such discrepancies are not sufficiently justified by the legal structure or the legal arrangement, the national authority should provide for adequate pecuniary and/or administrative sanctions.

·Member States should ensure that providers of services offering advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking are properly regulated and supervised at national level and comply with their obligations on beneficial ownership.

2) from the Commission:

In the context of Commission's proposal COM(2016)450: reinforcing the transparency requirements for beneficial ownership information on legal entities and legal arrangements

Product/Service

Business activity entities and legal arrangements 

Sector

Trust or company service providers (TCSPs), Legal professionals, Tax advisors/accountants/auditors, Providers of service related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking = "professional intermediaries"

General description of the sector and related product/activity concerned

TCSPs, legal professionals, tax advisors/accountants and providers of services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking provide a wide range of services to individuals and businesses for commercial undertakings and wealth management.

According to the Directive 2005/60/EC, obliged entities shall identify the beneficial owner when entering into a business relationship and taking risk-based and adequate measures to verify the identity of the beneficial owners as defined in Article 3(6).

In addition to AML legislation, the following EU company law directives lay down general rules on setting up limited liability companies, especially with regard to capital and disclosure requirements.

· Directive 2009/101/EC   covers the disclosure of company documents, the validity of obligations entered into by a company, and nullity. It applies to all public and private limited liability companies. It replaces Directive 68/151/EEC (the 1st Company Law Directive). The current consolidated version includes amendments introduced by Directive 2003/58/EC (now repealed) and Directive 2012/17/EU.

· Directive 2012/30/EU   covers the formation of public limited liability companies and rules on maintaining and altering their capital. It sets the minimum capital requirement for EU public limited liability companies at EUR 25 000.It replaces Directive 77/91/EEC (the 2nd Company Law Directive). The consolidated version includes amendments introduced by Directive 2006/68/EC and Directive 2009/109/EC.

· Directive 89/666/EEC   (the 11th Company Law Directive) introduces disclosure requirements for foreign branches of companies. It covers EU companies which set up branches in another EU country or companies from non-EU countries setting up branches in the EU.

· Directive 2009/102/EC   (the 12th Company Law Directive) provides a framework for setting up a single-member company (in which all shares are held by a single shareholder). It covers private limited liability companies, but EU countries may decide to extend it to public limited liability companies. It replaces Directive 89/667/EEC.

The rules on formation, capital and disclosure requirements are complemented by accounting and financial reporting rules . 

Listed companies must also meet certain transparency requirements.  

Description of the risk scenario

Front companies used for fraud via false invoicing: Perpetrators use front company to apply false invoices to imported items, with the overpayments siphoned off to terrorist causes.

Trade based money laundering: Perpetrators use Trade based money laundering (TBML) as a means of justifying the movement of criminal proceeds through banking channels (via letter of credit, invoices) or through the use of global transactions, often using false documents regarding the trade of goods and services. It can potentially allow the rapid transfer of large sums by justifying an alleged economic purpose. TBML schemes have also been used by international terrorist groups with complex funding methods 18 .

False loans: companies set up fictitious loans between them in order to create an information trail to justify transfers of funds of illegal origin. Perpetrators use fictitious loans as a mean for justifying movement of criminal proceeds through banking channels - without any economic reality.

In terms of legislation in place, the EU has adopted several accounting Directives as well as audit requirements to ensure that companies' accounts represent a true and fair view.

General comment (where appropriate)

For this risk scenario, the assessment covers legal entities such as companies, corporate structures, foundations, associations, non-for-profit organisations, charities and similar structures. It also covers legal arrangements such as trusts or other legal arrangements having a structure or functions similar to trusts (e.g. fiducie, treuhand, fideicomiso …). The risk assessment relates to the nature of the activity and not the structure as such. This approach does not deny the specific nature of legal entities versus legal arrangements (the latter does not have legal personality and remains basically a contractual relationship). However, as far as the nature of the service concerned (here the creation of the structure), these specificities do not make any key difference: legal entities and legal arrangements can be used the same way for hiding the true beneficial owners. Perpetrators favour a type of structure depending on the legal environment of a given jurisdictions, the perpetrators' type of expertise and convenience purposes. The creation is easily accessible by organised crime organisations for all these structures. In all cases, these structures could be vehicles used to create opaque and complex schemes which make it more difficult to identify the real owner and the real origin of the funds.

Threat    

Terrorist financing

The assessment of the TF threat related to business activities of legal entities or legal arrangements shows that terrorists groups do not particularly favour this kind of modus operandi to finance terrorist activities. According to law enforcement authorities, this risk scenario is not really attractive for terrorists groups as it requires firstly the creation of an opaque structure (illicit legal entity or legal arrangement) or the infiltration of the ownership of a legitimate legal entity or legal arrangement. It requires planning and expertise capabilities. Due to the different steps to be accomplished, it is unlikely that "clean" money can be collected from this modus operandi in a speedy manner. However if perpetrators possess the expertise, they can use this modus operandi for money remittance instead of other classical techniques (money value transfer services, hawala etc). The modus operandi can become attractive if there is a need to transfer large volume of funds for TF purposes. Hence, terrorist groups may have some intentions to use it.

Conclusions: on the basis of the elements gathered from law enforcement authorities and financial intelligence units, the level of TF threat related to business activities business activities of legal entities and legal arrangements is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to business activities of legal entities or legal arrangements shows that the most widespread means to launder proceeds of crime used by organised crime organisations is trade-based money laundering and false invoicing. These illicit operations allow legitimate funds to be taken out of the company's cash flow: (i) by using forged invoices; (ii) by reducing the base for tax calculation; (iii) by reducing income tax by taking legitimate funds from the company; (iv) by laundering illegitimate proceeds by withdrawing cash from another company's account using intermediaries. While the level of expertise or planning capacities is not negligible, law enforcement authorities and financial intelligence units consider that organised crime organisations have recurrently exploited this modus operandi because it is generally quite easily accessible, has a low cost and is relatively easy to abuse. However, this modus operandi also involves several sectors at the same time: transfers of money through companies' structures generally are processed through the banking sector, and in many cases lawyers are identified as facilitators

Conclusions: while this modus operandi may require moderate levels of technical expertise and knowledge to build a TBML scheme, numerous cases have been identified by FIUs and LEAs which tend to demonstrate that it is quite easy to access and to abuse. On this basis, the level of ML threat related to business activities business activities of legal entities and legal arrangements and based on TBML is considered as very significant (level 4)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to business activities of legal entities or legal arrangements shows that:

(a) risk exposure

Significant sums can be gathered through business activities to finance terrorist organisations and activities. This business activity is most of the time cash based and could involve cross-border transactions with high-risk third countries.

(b) risk awareness:

Both TCSPs and legal professions/tax advisors seem to be aware about the risk to be misused to create legal entities and legal arrangements for illegitimate purposes linked to ML/TF. The risk that these structures could be used to hide the beneficial owner is well known. However, there are still important shortcomings in terms of understanding of their AML/CFT obligations, or even knowledge of them. In particular, given that in the context of TF, business activity can still rely on legitimate money, this does not necessarily trigger any red flags. Controls in place are then quite low and the consequence is that FIUs can detect and analyse the TF risks related to business activity through legal entities or legal arrangements only in limited circumstances. Many professional sectors may be involved in the creation of legal structures and competent authorities are not always able to deliver proper guidance to these professional sectors.

(c) legal framework and controls

Legal framework: Accountants, auditors, tax advisors and legal professionals (since 2001), TCSPs (since 2005) and services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking (since 2005) are subject to the EU anti-money laundering requirements. These EU requirements impose that the beneficial owner of a legal structure or a legal arrangement, including non-profit organisations or foundations is identified before starting the business relationship. Despite this legal obligation, national regimes still present important gaps. In addition, accountant and auditors are applying accounting rules to ensure that company accounts represent a true and fair view.

Controls:

Based on the level of STRs, competent authorities consider that controls in place are very low and elements gathered at the beginning of the business relationships are not sufficiently developed to detect and analyse the TF risks related to the creation the and activities of legal entities and legal arrangements.

As far as services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking, there is no information concerning their supervision by competent authorities and whether or not they comply with AML/CFT requirements.

Conclusions: on the basis of the elements gathered and while this modus operandi is not necessarily the most obvious vehicle for terrorist financing, the TF vulnerability related to business activities of legal entities and legal arrangements is considered as significant (level 3).

Money laundering

The assessment of the ML vulnerability related to business activities of legal entities and legal arrangements shows

(a) risk exposure:

False loans are not a negligible phenomenon which is used widely by organised crime organisations. In certain cases, TMBL may imply large international trade transactions less easy to detect by banks. This difficult detection can be increased by the recurring use of strawmen which may impact on the level of vulnerabilities.

(b) risk awareness

Both TCSPs and legal professions/tax advisors seem to be aware about the risk to be misused to create legal entities and legal arrangements for illegitimate purposes linked to ML/TF. The risk that these structures could be used to hide the beneficial owner is well known. TCSPs are, in general, aware that they are not supposed to deal with third parties without having the correct compliance in place. However, the transactions at stake are rather complex (cross-border in particular) which make harder the investigation work of LEAs. Illicit origin of the funds is generally difficult to prove due to the multiplicity of actors, geographical areas and channels used. Suspicious transactions are then quite difficult to detect (TMBL and false invoicing).

(c) legal framework and controls

Legal framework: Accountants, auditors, tax advisors and legal professionals (since 2001), TCSPs (since 2005) and services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking (since 2005) are subject to the EU anti-money laundering requirements. These EU requirements impose that the beneficial owner of a legal structure or a legal arrangement, including non-profit organisations or foundations is identified before starting the business relationship. Despite this legal obligation, national regimes still present important gaps. In addition, accountant and auditors are applying accounting rules to ensure that the companies account represent a true and fair view.

Controls: in several situations, competent authorities and FIUs have noticed the involvement of off-shore jurisdictions where the ability of LEAs to conduct investigations depends on the existence of MLA agreements with these jurisdictions. The consequence is that as long as there is no MLA agreement, the process to identify the beneficial ownership is terminated.

Concerning services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking, there is no information concerning their supervision by competent authorities and whether or not they comply with AML/CFT requirements.

Conclusion: the risk exposure of the sector is considered as very significant due to the lack of a robust ML framework in many jurisdictions especially rules on the identification of beneficial owners, which means that controls are inexistent in opaque structures involving many jurisdictions. In addition there is no information on whether the sector complies with AML.CFT requirements. On this basis, the level of ML vulnerability related to business activities through a legal structure and based on TBML is considered as significant (level 3)

Mitigating measures

1) for competent authorities/self-regulatory bodies

·competent authorities/self-regulatory bodies should provide training sessions and guidance on risk factors with specific focus on non-face-to-face business relationships; off-shore professional intermediaries or customers or jurisdictions; complex/shell structures

·self-regulatory bodies/competent authorities should conduct thematic inspections on how beneficial owner identification requirements are implemented

·Annual reports on the measures carried out to verify compliance by these obliged entities with their obligations related to customer due diligence, including beneficial ownership requirements, suspicious transaction reports and internal controls.

Mechanisms to ensure that the purchase/merger of a legal structure is carried out under control of a professional (obliged entity), who should have to develop their due diligence 

·Member States should put in place some mechanisms allowing competent authorities and FIUs to identify the situations where:

(i) for legal entities: obliged entities have identified the senior manager as the beneficial owner, instead of the natural person who ultimately owns or controls the legal entity through direct or indirect ownership. In such case, obliged entities should keep record of any doubt that the person identified is the beneficial owner.

(ii) for legal arrangements: obliged entities should identify cases where the settlor, trustee, protector, beneficiaries or any other natural person exercising ultimate control over the trust involve one or several legal entities. In such cases, the obliged entities should also identify the beneficial owner of these legal entities.

·Member States should put in place mechanisms to ensure the information held in central beneficial ownership register is verified on a regular basis. For this purpose, a national authority should be designated to collect and check the information on the beneficial owner. This national authority should receive from obliged entities any discrepancy that would be found between the beneficial ownership information held in the registers and the beneficial ownership information collected as part of their customer due diligence procedures. Where such discrepancies are not sufficiently justified by the legal structure or the legal arrangement, the national authority should provide for adequate pecuniary and/or administrative sanctions.

·Member States should ensure that providers of service related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking are properly regulated and supervised at national level and comply with their obligations on beneficial ownership.

2) from the Commission:

·In the context of Commission's proposal COM(2016)450: reinforcing the transparency requirements for beneficial ownership information on legal entities and legal arrangements

Product

Termination business activity of legal entities and legal arrangements

Sector

Trust or company service providers (TCSPs), Legal professionals, Tax advisors/accountants/auditors, Providers of service related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking = "professional intermediaries"

General description of the sector and related product/activity concerned

TCSPs, legal professionals, tax advisors/accountants and providers of service related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking provide a wide range of services to individuals and businesses for commercial undertakings and wealth management.

According to the Directive 2005/60/EC, obliged entities shall identify the beneficial owner when entering into a business relationship and taking risk-based and adequate measures to verify the identity of the beneficial owners as defined in Article 3(6).

In addition to AML legislation, the following EU company law directives lay down general rules on setting up limited liability companies, especially with regard to capital and disclosure requirements.

· Directive 2009/101/EC   covers the disclosure of company documents, the validity of obligations entered into by a company, and nullity. It applies to all public and private limited liability companies. It replaces Directive 68/151/EEC (the 1st Company Law Directive). The current consolidated version includes amendments introduced by Directive 2003/58/EC (now repealed) and Directive 2012/17/EU.

· Directive 2012/30/EU   covers the formation of public limited liability companies and rules on maintaining and altering their capital. It sets the minimum capital requirement for EU public limited liability companies at EUR 25 000.It replaces Directive 77/91/EEC (the 2nd Company Law Directive). The consolidated version includes amendments introduced by Directive 2006/68/EC and Directive 2009/109/EC.

· Directive 89/666/EEC   (the 11th Company Law Directive) introduces disclosure requirements for foreign branches of companies. It covers EU companies which set up branches in another EU country or companies from non-EU countries setting up branches in the EU.

· Directive 2009/102/EC   (the 12th Company Law Directive) provides a framework for setting up a single-member company (in which all shares are held by a single shareholder). It covers private limited liability companies, but EU countries may decide to extend it to public limited liability companies. It replaces Directive 89/667/EEC.

The rules on formation, capital and disclosure requirements are complemented by accounting and financial reporting rules . 

Listed companies must also meet certain transparency requirements.  

Description of the risk scenario

Fraud using bankruptcy/judicial liquidation of a company: following the bankruptcy of a company, the same company is bought by a former shareholder who creates a new structure to pursue the same business activity without financial difficulties anymore. Perpetrators cash out funds from the front company before the illegal activities are detected or before assets are seized by competent authorities.

General comment

For this risk scenario, the assessment covers legal entities such as companies, corporate structures, foundations, associations, non-for-profit organisations, charities and similar structures. It also covers legal arrangements such as trusts or other legal arrangements having a structure or functions similar to trusts (e.g. fiducie, treuhand, fideicomiso …). The risk assessment relates to the nature of the activity and not the structure as such. This approach does not deny the specific nature of legal entities versus legal arrangements (the latter does not have legal personality and remains basically a contractual relationship). However, as far as the nature of the service concerned (here the creation of the structure), these specificities do not make any key difference: legal entities and legal arrangements can be used the same way for hiding the true beneficial owners. Perpetrators favour a type of structure depending on the legal environment of a given jurisdictions, the perpetrators' type of expertise and convenience purposes. The creation is easily accessible by organised crime organisations for all these structures. In all cases, these structures could be vehicles used to create opaque and complex schemes which make it more difficult to identify the real owner and the real origin of the funds.

Threat    

Terrorist financing

The assessment of the TF threat related to termination of business activity has been considered in conjunction with ML schemes related to termination of business activity in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF threat related to termination of activities is considered as lowly/moderately significant (level 1/2).  

Money laundering

The assessment of the ML threat related to the termination of business activity through legal structures shows that bankruptcy is part of a more global process and some judicial administrators have reported cases where false bankruptcy has been used to launder proceeds of crime. However, few cases have been identified by law enforcement authorities. This tends to demonstrate that criminal organisations perceive this modus operandi as unattractive or difficult to access as it requires some logistical and planning capabilities.

Conclusions: on the basis of the elements gathered during the assessment phase, the level of ML threat related to termination of business activity is considered as lowly/moderately significant (level 1/2).

Vulnerability

Terrorist financing

The assessment of the TF vulnerabilities related to termination of business activity has been considered in conjunction with ML schemes related to termination of business activity in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusions: in that context, the level of vulnerability is moderately significant (level 2)

Money laundering

The assessment of the ML vulnerability related to the termination of business activity through legal structures shows that:

(a) risk exposure

Situations where termination of a business activity is at stake generally starts from a fraud.

(b) risk awareness

The detection of this modus operandi by LEAs and FIUs is easy given that most of the time it starts from a fraud. This predicate offence triggers the red flags for either the sector or the competent authorities. In general, bankruptcy is complex to elaborate and obliged entities (banks in particular) pay particular attention to such scenarios which are most of the time considered as suspicious.

(c) legal framework and controls

Accountants, auditors, tax advisors and legal professionals (since 2001), TCSPs (since 2005) and services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking (since 2005) are subject to the EU anti-money laundering requirements.

There is no specific provision related to this situation in the EU AML framework, but the number of STRs received tends to show that controls in place are efficient and allow the detection of the suspicion situations. Insolvency Directors managing an insolvency procedure also represent an additional control element.

As far as services related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking are concerned, there is no information concerning their supervision by competent authorities and whether or not they comply with AML.CFT requirements.

Conclusions: while bankruptcy is an issue for some Member States, the detection of such cases and the level awareness of the sector and other obliged entities allow considering that the level of vulnerability is moderately significant (level 2)

Mitigating measures

A/ if the termination is related to the creation of another legal entity or legal arrangements

1) for competent authorities/self-regulatory bodies

·Member States should ensure that competent authorities/self-regulatory bodies provide training sessions and guidance on risk factors with specific focus on non-face-to-face business relationships; off-shore professional intermediaries or customers or jurisdictions; complex/shell structures

·Member States should ensure that self-regulatory bodies/competent authorities conduct thematic inspections on how beneficial owner identification requirements are implemented

·Annual reports on the measures carried out to verify compliance by these obliged entities with their obligations related to customer due diligence, including beneficial ownership requirements, suspicious transaction reports and internal controls should be provided by competent authorities/self-regulatory bodies to Member States

·Member States should put in place some mechanisms to ensure that the creation of structures should be carried out under control of a professional (obliged entity), who should have to develop their due diligence.

·Member States should put in place some mechanisms allowing competent authorities and FIUs to identify the situations where:

(i) for legal entities: obliged entities have identified the senior manager as the beneficial owner, instead of the natural person who ultimately owns or controls the legal entity through direct or indirect ownership. In such case, obliged entities should keep record of any doubt that the person identified is the beneficial owner.

(ii) for legal arrangements: obliged entities should identify cases where the settlor, trustee, protector, beneficiaries or any other natural person exercising ultimate control over the trust involve one or several legal entities. In such cases, the obliged entities should also identify the beneficial owner of these legal entities.

·Member States should put in place mechanisms to ensure the information held in central beneficial ownership register is verified on a regular basis. For this purpose, a national authority should be designated to collect and check the information on the beneficial owner. This national authority should receive from obliged entities any discrepancy that would be found between the beneficial ownership information held in the registers and the beneficial ownership information collected as part of their customer due diligence procedures. Where such discrepancies are not sufficiently justified by the legal structure or the legal arrangement, the national authority should provide for adequate pecuniary and/or administrative sanctions.

·Member States should ensure that providers of services offering advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking are properly regulated and supervised at national level and comply with their obligations on beneficial ownership.

2) from the Commission:

In the context of Commission's proposal COM(2016)450: reinforcing the transparency requirements for beneficial ownership information on legal entities and legal arrangements

B/ if the termination is related to the purchase of another legal entity or legal arrangements

1) for competent authorities/self-regulatory bodies

·competent authorities/self-regulatory bodies should provide training sessions and guidance on risk factors with specific focus on non-face-to-face business relationships; off-shore professional intermediaries or customers or jurisdictions; complex/shell structures

·self-regulatory bodies/competent authorities should conduct thematic inspections on how beneficial owner identification requirements are implemented

·Annual reports on the measures carried out to verify compliance by these obliged entities with their obligations related to customer due diligence, including beneficial ownership requirements, suspicious transaction reports and internal controls.

Mechanisms to ensure that the purchase/merger of a legal structure is carried out under control of a professional (obliged entity), who should have to develop their due diligence 

·Member States should put in place some mechanisms allowing competent authorities and FIUs to identify the situations where:

(i) for legal entities: obliged entities have identified the senior manager as the beneficial owner, instead of the natural person who ultimately owns or controls the legal entity through direct or indirect ownership. In such case, obliged entities should keep record of any doubt that the person identified is the beneficial owner.

(ii) for legal arrangements: obliged entities should identify cases where the settlor, trustee, protector, beneficiaries or any other natural person exercising ultimate control over the trust involve one or several legal entities. In such cases, the obliged entities should also identify the beneficial owner of these legal entities.

·Member States should put in place mechanisms to ensure the information held in central beneficial ownership register is verified on a regular basis. For this purpose, a national authority should be designated to collect and check the information on the beneficial owner. This national authority should receive from obliged entities any discrepancy that would be found between the beneficial ownership information held in the registers and the beneficial ownership information collected as part of their customer due diligence procedures. Where such discrepancies are not sufficiently justified by the legal structure or the legal arrangement, the national authority should provide for adequate pecuniary and/or administrative sanctions.

·Member States should ensure that providers of service related to advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertaking are properly regulated and supervised at national level and comply with their obligations on beneficial ownership.

2) from the Commission:

·In the context of Commission's proposal COM(2016)450: reinforcing the transparency requirements for beneficial ownership information on legal entities and legal arrangements

Product

High value goods - artefacts and antiquities

Sector

High value dealers

Description of the risk scenario

Terrorist financing - Perpetrators earn revenue from the sale of looted artefacts and antiquities. The trafficking in cultural goods is among the biggest criminal trades, estimated to be the third or fourth largest, and despite the fact that there are hardly any instruments for measuring this trade or any data on illicit commerce.

It is estimated that only 30-40% of antique dealings take place through auction houses where the pieces are published in catalogues; the rest occur through private transactions. On the whole, the total financial value of the antiquities market ranks third after drug and arms trafficking and amounts to up to $6 billion yearly.

Money laundering – Perpetrators convert proceeds of criminal activities into antiques and art goods to store or move these assets more easily.

Threat    

Terrorist financing

The assessment of the TF threat related to the trafficking of looted artefacts and antiques shows that LEAs have identified cases of trafficking of looted antiquities within the EU. Several investigations have been conducted by Member States' LEAs where underlying trafficking in goods taken out of conflict zones (Iraq/Syria) via involvement of far east countries was used to hide more easily the provenance of goods. The portion of illegal market is, of course, to be considered but is by definition difficult to detect. From national studies conducted so far, it appears that the main threat comes from looting such products in third countries, notably in conflict zones such as Syria, and imposing taxes on these activities by terrorist organisations controlling the territory. For example, "rather than trading artefacts, Islamic State is earning money from selling digging permits and charging transit fees" 19 . Terrorists do not themselves "sell" the products to obtain revenues. Since the products might be sold in the EU by intermediaries, there is an indirect risk of financing terrorism.

From the intent and capability point of view, this risk scenario represents a financially viable option considering that looting of artefacts may produce a substantial amount of revenue. However, this modus operandi is not easy to use: it requires access to the illegal/dark economy; technical expertise and knowledge of the art market are also required and are not in the capability of every kind of terrorist group; the transportation of such products is not secure and not discrete enough. The conversion in cash of such products requires in any case planning capabilities which are not consistent with terrorist groups needs to access cash in a speedy way.

The international dimension of such threat cannot be excluded from the threat analysis. Law enforcement authorities as well as UN have reported evidence that artefact looting and trafficking occur in conflicts zone. Such activities produce financial revenues that can be used by returning foreign terrorist fighters to commit terrorist acts in the EU territory.

Conclusion: at this stage, there is limited/no evidence that such scenario is used to finance terrorist activities in the EU. However, it represents an attractive source of revenue for organisations controlling territory in conflict zones, which could then be used to finance terrorist activities in the EU. Nevertheless, the level of knowledge, expertise and planning capabilities required reduces the level of threat. In that context, the level of TF threat related to the trafficking of artefacts and antiques is considered as moderately significant (level 2).

Money laundering

The assessment of the ML threat related to the trafficking of looted artefacts and antiques shows that this risk scenario may present an interest for organised crime organisations when these "products" are converted into cash to launder proceeds of crime or evade tax. From LEAs point of view, this kind of traffic occurs mostly in Freeport zones making it more difficult to measure the extent of the phenomenon. There is little evidence that organised crime organisations use this modus operandi which in any case requires expertise and knowledge to sell these products at the best price. The illegal economy also plays a role in this risk scenario but is, by definition, difficult to assess.

Conclusions: this risk scenario may represent an attractive tool to convert proceeds of crime in clean cash. However, it requires high level of expertise and is not really secure for organised crime organisations. In that context, the level of ML threat related to the trafficking of artefacts and antiques is considered as moderately significant (level 2)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to the trafficking of looted artefacts and antiques shows that this risk is currently only an emerging one but vulnerabilities of the sector may increase in the short term. In the current context, the fruits derived from looting may be repatriated in the EU.

(a) risk exposure:

Investigations show that antiquities are offered to EU collectors from various third countries, generally through Internet auction sites or specialized online stores. Terrorist organisations may use concealment measures, such as IP-address spoofing, which makes it difficult to identify and determine the actual location of the seller. Exploitation of social media is also identified as more and more frequent tool so as to cut out the middleman and sell artefacts directly to buyers. Preference is given to cash transactions (sometimes for high amount) but online transactions are also widespread with no possibility for the financial institution to identify to real owner/buyer of the antiquities. Artefacts and antiques markets are sensitive, based on informal negotiations and trading where there is no specific monitoring of the transactions.

(b) risk awareness

According to LEAs, cultural artefacts do not land on EU territory or remain undetected. This tends to demonstrate that competent authorities and FIUs visibility on such phenomenon is very low. Obliged entities do not undertake any record keeping (e.g. the origin of artefacts, to whom they are sold….) and there is not reporting. Customs authorities have difficulties detecting the illicit origin of cultural artefacts.

(c) legal framework and controls

AML framework: under the current AML EU framework, persons trading in goods are subject to EU AML requirements when they receive payments in cash in an amount of EUR15 000. This requirement focuses then on payments in cash without any consideration for risks posed by transactions using other means of payment. The EU AML does not target specifically artefacts and antiques neither from a product or merchant perspectives.

Ad hoc EU trade prohibitions: the EU has adopted ad hoc measures concerning importation of cultural goods into the custom territory from Syria and Iraq: Council Regulation (EC) No 1210/2003 of 7 July 2003 concerns certain specific restrictions on economic and financial relations with Iraq and Council Regulation (EU) No 36/2012 concerning restrictive measures in view of the situation in Syria prohibit trade in cultural goods with these countries where there are reasonable grounds to suspect that the goods have been removed without the consent of their legitimate owner or have been removed in breach of national or international law. However, competent authorities still have difficulties in tracking any good originating in these countries and the application of these Regulations may sometimes be challenging because of the nature of the products. It is nevertheless interesting to note that for those Member States who managed to seize cultural goods originating from Iraq or Syria, this is taken care of by the very same institutions controlling the general importation of cultural goods without generating any administrative burden of implementation, as the implementation of these rules form part of the daily work of the competent authorities.

In any case, while some EU rules exist, there are limited to specific regions and do not cover all cases of imports of cultural goods. This results in controls that are not sufficient to address the risks.

Conclusions: although there is little evidence that such risk scenario is used in the EU, it appears that the risk exposure is currently only emerging but may increase due to the geopolitical context. The legal framework does not allow an efficient monitoring of such transactions due to the fact that obliged entities are not aware of this TF vulnerability (no reporting, no record keeping). In that context, the level of TF vulnerability related to purchase of artefacts and antiques is considered as significant/very significant (level 3/4).

Money laundering

The assessment of the ML vulnerability related to the trafficking of looted artefacts and antiques shows that:

(a) risk exposure:

Given the sensitiveness of the artefacts and antiques market, it tends to favour informal channels where there is no specific security or monitoring of the transactions. It involves payments by cash (sometimes for high amounts) where the identification of the buyer is almost impossible.

(b) risk awareness

The sector seems more aware about the ML risk than the TF ones. In several Member States, high value dealers receive relevant training and guidance. However, there is a very low level of STR reporting which raises questions with regard to the risk understanding.

(c) legal framework and controls

Persons trading in goods are subject to EU AML requirements when they receive payments in cash of EUR15 000 or more. In addition, in many Member States regulations aiming at limiting cash payments have been put in place. However, as it is the case for TF, controls in place are not sufficient to address the risks this product may present.

It is also important to mention that G7 members have considered that further work must be undertaken in that respect and that artefacts trafficking represent a high risk.

Conclusions: despite the fact that the risk awareness is higher than for TF, the other elements of the assessment present commonalities: low level of reporting, no evidence that cash payment limitations have limited the risks. In that context, the level of ML vulnerability related to purchase of artefacts and antiques is considered as significant/very significant (level 3/4).

Mitigating measures:

1) For the Commission:

·An impact assessment for a possible initiative to swiftly reinforce the EU framework on the prevention of terrorism financing by enhancing transparency of cash payments through an introduction of a restriction of cash payments or by any other appropriate means. By restricting the possibilities to use cash, the proposal would contribute to disrupt the financing of terrorism, as the need to use non anonymous means of payment would either deter the activity or contribute to its easier detection and investigation. Any such proposal would also aim at harmonising restrictions across the Union, thus creating a level playing field for businesses and removing distortions of competition in the internal market. It would additionally foster the fight against money laundering, tax fraud and organised crime.

·Member States should notify the measures applied by dealers in goods covered by the AMLD to comply with their AML/CFT obligations. On this basis, the Commission could further assess risks posed by providers of service accepting cash payments. It will further assess the added value and benefit for making additional sectors subject to AML/CFT rules.

2) For Member States:

·Member States should take due consideration of the risks posed by payment in cash in their national risk assessments in order to define appropriate mitigating measures such as the introduction of cash limits for payments, Cash Transaction Reporting systems, or any other measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

·Member States should ensure the provision of training actions for customs officers and the exchange of information and co-operation between customs and other authorities.

·Promoting authorisation requirements either in the country of export and/or in the EU, or self-declaration requirements, i.e. declaration by the EU importer that the good has exited the country of export in accordance with its laws and regulations.

·Awareness campaign and promotion of measures to the art market and museums, such as inventorying obligations and the formal recognition by the EU of existing codes of ethics or conduct for museum and the art market.

3) For obliged entities

·Promoting the use of written contracts to get a very detailed invoice with a clear description of the goods (value, product description...)

Product

High value assets- Gold and Diamonds

Sector

High value dealers

General description of the sector and related product/activity concerned

In the EU, the diamond market is mostly present in one country. The Belgian diamond dealers represent the most prevalent part of the diamond market in the EU. 1700 companies are officially registered with the Federal Public Service of Economy as diamond traders (total imports and exports in 2015 amounted 48 billion USD in Belgium). The world's largest mining companies have an office in Antwerp and sell a large share of their productions directly to Belgian companies. Belgium has 4 diamond bourses that are members of the World Federation of Diamond Bourses.

Specialised financial institutions provide liquidity to the diamond trade. Diamond-trading companies need this kind of financing to purchase large quantities of rough diamonds and to finance the manufacturing of these goods into polished diamonds.

Description of the risk scenario

Proceeds of crime (e.g. drug trafficking) are either moved to another country to purchase gold and jewellery which are sold in a third country on the basis of false invoices and certificates, or used directly to buy gold on the national territory and sold to a precious metals broker who then sold it to other businesses. Proceeds of the sale may then be wired to a third party to finance new criminal operations. Criminals favour precious metals and stones which are easy to store and to convert at small costs – which is typically gold and diamonds.

Threat    

Terrorist financing

The assessment of the TF threat related to purchase of gold and diamonds shows that terrorists have exploited this modus operandi which is easily accessible and represents a financially viable option. It requires moderate level of planning and expertise. Gold is commonly used in war zones and is very attractive for terrorists groups.

Conclusions: the level of TF threat related to purchase of gold and diamonds is considered as moderately significant/ significant (level 2-3).

Money laundering

The assessment of the ML threat related to purchase of gold and diamonds shows that large ML schemes occurred through this scenario. From analysis already conducted (FATF), it appears that this scenario is of high risk as gold and diamonds are easy to move cross-border (hidden in a car for instance). This modus operandi is closely connected to the assessment of couriers with gold/diamonds (see separate fiche).

Conclusions: the level of ML threat related to purchase of gold and diamonds is considered as very significant (level 4).

Vulnerability

Terrorist financing

The level of TF vulnerabilities related to purchase of gold and diamonds shows that

(a) risk exposure:

Some private sector representatives mention that the use of cash in diamond trade has decreased through the limitations imposed by some national AML legislations (in some cases, payments in cash are limited to 10% of the total amount of the transaction, with a maximum of EUR 3 000). However, there is no specific information coming from the trade in gold where cash payments are still recurrently used with no possibility to identify the parties of the transactions.

(b) risk awareness:

It is very low as far as TF risks are concerned. There is no specific framework in place to limit gold and diamond transportation or purchase. Due to the cross-border characteristic of such movements, controls are difficult/even impossible to implement.

In the case of trade in diamonds, some national organisations of diamond dealers have developed an organisational framework which allows the provision of guidance, trainings and assistance with STRs, as well as some elements contributing to the risk analysis. These organisations may also provide "know your customers" databases which include sanctions lists, PEPs or list of high risk third countries. Some traders in diamonds ensure that identification and verification processes take place before the transaction when the payments are executed through banking transfers.

Nevertheless, these practices remain rather limited and not widespread enough to consider that the sector is well aware about the risks.

For the trade in gold, no specific feedback was received from the private sector as it was impossible to identify a point of contact to discuss AML.

(c) legal framework and controls: 

Persons trading in goods are subject to EU AML requirements when they receive payments in cash of EUR 15 000 or more. These AML requirements are limited to payments in cash and do not take into consideration of risks posed by transactions using other means of payment.

As far as trade in diamonds is concerned, one of the largest groups of diamonds in Europe is subject to AML/CFT rules. To that extent, a part of diamonds dealers in the EU are subject to registration requirements (following fit and proper checks – in particular from a BO point of view) and to inspections from their competent authorities that are competent to check both the compliance with AML obligations and cash payments.

The European Union has Kimberley Authorities in 6 European countries that control imported and exported shipments of rough diamonds with focus on the presence of a Kimberley certificate (Belgium, UK, Germany, Czech, Romania and Portugal). This means rough diamonds cannot be imported/exported in/outside the EU without a Kimberley Certificate and without passing through one of the 6 dedicated KP authorities. These 6 KP authorities are appointed by the European Commission and operate under their supervision. So transport of rough diamonds is always subject to controls when entering the EU or when exported. Since trading in rough diamonds without a Kimberly Process certificate equals to ‘illegal trade’, this is connected to money laundering as an underlying crime and thus Kimberly Process is a strong mitigating measure against money laundering.

The EU framework is rather different for polished diamonds, since they can be imported anywhere in the EU. For Member States who have a very strict import and export control system for diamonds that are imported from countries outside the EU or exported outside the EU, it is possible to circumvent this control mechanism by importing/exporting via a different country of the EU.

However, currently, national legislations in place are not harmonised neither for diamonds nor for gold and this situation generates some risks of discrepancies in the obligations imposed (such as the registration) and the controls applied.

In the case of gold, the lack of harmonised framework is equally problematic from a control and enforceability point of view.

The number of STRs is rather low for this category of obliged entities. Transactions are often face-to-face which poses a specific challenge for protection of employees.

Conclusions: on the basis of the elements above, the level of TF vulnerability related to purchase of gold and diamonds is considered as significant (level 3).

Money laundering

The level of ML vulnerability related to purchase of gold and diamonds shows that

(a) risk exposure:

Some private sector's representatives mention that the use of cash in diamond trade has decreased through the limitations imposed by some national AML legislations (in some cases, payments in cash are limited to 10% of the total amount of the transaction, with a maximum of EUR 3000). However, there is no specific information coming from the trade in gold where cash payments are still recurrently used with no possibility to identify the parties of the transactions.

(b) risk awareness:

It is very low as far as ML risks are concerned. There is no specific framework in place to limit gold and diamond transportation or purchase. Due to the cross-border characteristic of such movements, controls are difficult/even impossible to implement.

In the case of trade in diamonds, some national organisations of diamond dealers have developed an organisational framework which allows the provision of guidance, trainings and assistance with STRs, as well as some elements contributing to the risk analysis. These organisations may also provide "know your customers" databases which include sanctions lists, PEPs or list of high risk third countries. Some traders in diamonds ensure that identification and verification process takes place before the transaction when the payments are executed through banking transfers.

Nevertheless, these practices remain rather limited and not widespread enough to consider that the sector is well aware about the risks. The majority of the diamond or gold sector consists of small companies (often 1-person companies) where the person in charge has no legal background and may find it difficult to put the anti-money laundering legislation in practice and apply CDD procedures.

For the trade in gold, no specific feedback was received from the private sector as it was impossible to identify a point of contact to discuss AML.

(c) legal framework and controls: 

Persons trading in goods are subject to EU AML requirements when they receive payments in cash of EUR15 000 or more. These AML requirements are limited to payments in cash and do not take into consideration of risks posed by transactions using other means of payment.

As far as trade in diamonds is concerned, one of the largest groups of diamonds in Europe is subject to AML/CFT rules. To that extent, some of the diamonds dealers in the EU are subject to registration requirements (following fit and proper checks – in particular from a BO point of view) and to inspections from their competent authorities that are competent to check both the compliance with AML obligations and cash payments.

The European Union has Kimberley Authorities in 6 European countries that control imported and exported shipments of rough diamonds with focus on the presence of a Kimberley certificate (Belgium, UK, Germany, Czech, Romania and Portugal). This means rough diamonds cannot be imported/exported in/outside the EU without a Kimberley Certificate and without passing through one of the 6 dedicated KP authorities. These 6 KP authorities are appointed by the European Commission and operate under their supervision. So transport of rough diamonds is always subject to controls when entering the EU or when exported. Since trading in rough diamonds without a Kimberly Process certificate equals to ‘illegal trade’, this is connected to money laundering as an underlying crime and thus Kimberly Process is a strong mitigating measure against money laundering.

The EU framework is rather different for polished diamonds, since they can be imported anywhere in the EU. For Member States who have a very strict import and export control system for diamonds that are imported from countries outside the EU or exported outside the EU, it is possible to circumvent this control mechanism by importing/exporting via a different country of the EU.

However, currently, national legislations in place are not harmonised neither for diamonds nor for gold and this situation generates some risks of discrepancies in the obligations imposed (such as the registration) and the controls applied.

In the case of gold, the lack of harmonised framework is equally problematic from a control and enforceability points of view.

The number of STRs is rather low for this category of obliged entities. Transactions are often face-to-face which poses a specific challenge for protection of employees.

Conclusions: even if regulations in place in some Member States have increased the level of risk awareness, the sector is still not well organised enough to allow the implementation of efficient controls and guidance. In that context, the level of ML vulnerability related to purchase of gold and diamonds is considered as significant (level 3).

Mitigating measures

1) For Member States

·Member States should take due consideration of the risks posed by payment in cash in their national risk assessments in order to define appropriate mitigating measures such as the introduction of cash limits for payments, Cash Transaction Reporting systems, or any other measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

·Member States should ensure that competent authorities conduct sufficient unannounced spot checks in diamond companies and traders in gold to identify possible loopholes in the compliance with CDD requirements and the involvement of check the flow of goods via diamond experts

2) For obliged entities

·Training on CDD, in particular for small businesses.

This role can be taken up by a sector federation or diamond bourse in case of traders in diamond. The training may be about basic AML/CFT requirements such as how to identify, how to perform a risk analyses, what are UBO’s, how to notify to the FIU, what is the FIU, etc…

·Promoting the use of written contracts to get a very detailed invoice with a clear description of the goods (value, weight, quality...)

3) For the Commission

·The Commission proposed to amend the definition of cash to include gold in the context of the revision of the Cash Control Regulation (COM(2016) 825);

·Additional studies could be carried out in order to deepen the analysis of economic sectors / situations more exposed to AML/CFT risks.

A further typology work could be carried out to identify economic sectors particularly vulnerable to ML/TF risks before defining tailor made mitigating measures. This analysis could also map Member States practices since many of them have decided to subject certain additional professions to the AML/CFT regime due their risk analysis.

Product

High value assets – other than precious metals and stones

Sector

High value dealers

Description of the risk scenario

Perpetrators use high value goods as an easy way to integrate funds into the legal economy, converting criminal cash into another class of asset which retains its value and may even hold opportunities for capital growth. Certain products such as cars - but also jewellery, watches, luxury boats are particularly attractive as both lifestyle goods and economic assets.

Threat    

Terrorist financing

The assessment of the TF threat related to purchase of other kind of high value goods (other than gold, diamonds, artefacts and antiques) has not been considered as relevant from a TF perspective. In that context, the TF threat is not part of this assessment.

Conclusions: non relevant

Money laundering

The assessment of the ML threat related to purchase of other kind of high value goods (other than gold, diamonds, artefacts and antiques) shows that criminal organisations have recurrently used this modus operandi, which is easy to access and do not require specific expertise (trafficking in jewelleries, cars, boats, watches).

Conclusions: the level of ML threat related to purchase of other kind of high value goods is considered as very significant (level 4)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to purchase of other kind of high value goods (other than gold, diamonds, artefacts and antiques) has not been considered as relevant from a TF perspective. In that context, the TF vulnerability is not part of this assessment.

Conclusions: non relevant

Money laundering

The assessment of the ML vulnerability related to purchase of other kind of high value goods (other than gold, diamonds, artefacts and antiques) shows that this risk scenario shares the same vulnerabilities as the one related to purchase of gold/diamonds.

(a) risk exposure:

It is difficult to identify precisely the different kind of goods that may be used to launder money. However; trade on high value goods other than golds and diamonds may rely heavily on cash transactions, with low level of security and monitoring in the delivery channels. It may imply cross-border transactions that are difficult to monitor.

(b) risk awareness:

It is very low as far as ML risks are concerned. The sector is realty wide and there is no particular organisational framework that may allow the provision of guidance or training. Customer due diligence measures are not applied and the level of STR demonstrates that the understanding of the risk is really low.

(c) legal framework and controls: 

Persons trading in goods are subject to EU AML requirements when they receive payments in cash in an amount of EUR15 000. However, this definition is rather general and do not specify which category of traders in good fall under the scope of AMLD. In addition, these AML requirements are limited to payments in cash and do not take into consideration of risks posed by transactions using other means of payment. Nevertheless, some Member States have put in place cash payment restrictions.

However, there are no harmonised national legislations in place to address risks posed by high value goods trading. It seems that the level of record keeping is really low and that controls are not applied.

Conclusions: even if regulations in place in some Member States have increased the level of risk awareness, the sector is still not well organised enough to allow the implementation of efficient controls and guidance. In that context, the level of ML vulnerability related to purchase of other kind of high value goods is considered as significant (level 3).

Mitigating measures

1) For the Commission:

·An impact assessment for a possible initiative to swiftly reinforce the EU framework on the prevention of terrorism financing by enhancing transparency of cash payments through an introduction of a restriction of cash payments or by any other appropriate means. By restricting the possibilities to use cash, the proposal would contribute to disrupt the financing of terrorism, as the need to use non anonymous means of payment would either deter the activity or contribute to its easier detection and investigation. Any such proposal would also aim at harmonising restrictions across the Union, thus creating a level playing field for businesses and removing distortions of competition in the internal market. It would additionally foster the fight against money laundering, tax fraud and organised crime.

·Member States should notify the measures applied by dealers in goods covered by the AMLD to comply with their AML/CFT obligations. On this basis, the Commission could further assess risks posed by providers of service accepting cash payments. It will further assess the added value and benefit for making additional sectors subject to AML/CFT rules.

2) For Member States:

·Member States should take due consideration of the risks posed by payment in cash in their national risk assessments in order to define appropriate mitigating measures such as the introduction of cash limits for payments, Cash Transaction Reporting systems, or any other measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

Product

Gold and other precious metals

Sector

/

Description of the risk scenario

Cross-border gold and other precious metal movements – as well as precious stones. Perpetrators who generate cash proceeds seek to convert them into gold and other precious metals or stones and move these profits from their source, either to repatriate funds or to move them to locations where one has easier access to placement in the legal economy.

Couriers may use air, sea or rail transport to cross an international border:

- containerised or other forms of cargo, concealed in mail or post parcels: If perpetrators wish to move very large amounts of gold and other precious metal, often their only option is to conceal it in cargo that can be containerised or otherwise transported across borders.

- sophisticated concealments of gold within goods sent by regular mail or post parcel services.

Threat    

Terrorist financing

The assessment of the TF threat related to gold and other precious metals couriers shows that there are few indicators that terrorist groups use or have the intention to use this channel to finance terrorist activities.

Use of gold or diamonds does not constitute the most attractive and secure option for terrorist groups – although these assets are frequent in war zone since they are easy to trade. Some instances of foreign terrorist fighters who have changed their belongings into gold have been detected / reported but the situation is not recurrent and requires, in any case, planning and knowledge.

Conclusions: gold and precious metals couriers do not represent a preferred option for terrorist groups who tend to favour more the use of cash. In that context, the level of TF threat is considered as lowly significant to significant (2)

Money laundering

The assessment of the ML threat related to gold and other precious metals couriers shows that organised crime organisations have exploited this modus operandi to launder proceeds of crime. Unlike terrorist organisations, organised crime groups consider it as an attractive way to launder proceeds of crime. It requires more planning than cash couriers but without the need for major expertise as long as it concerns easy-tradable assets (i.e. preference for gold compared to other precious metals – diamonds compared to other stones). Operations are still at low costs. Hence perpetrators have the needed capacity and intention to use this modus operandi. LEAs report that other types of precious metals have been used (silver, platinum) but these are not frequent because they are less easily tradable and have higher exchange costs than gold/diamond.

Conclusions: the level of ML threat related to gold and other precious metals couriers is considered as significant (level 3)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to gold and other precious metals couriers shows that

(a) risk exposure

The assessment of the TF vulnerability shows that the risk exposure is intrinsically linked to the cash based activity (anonymity, speediness). Hence the risk exposure is particularly important for this modus operandi.

(b) risk awareness

The sector shows limited awareness to the risks and the controls in place are particularly weak. LEAs have also noticed that criminal organisations use the benefit of the vagueness of the EU framework, in particular as far as cash controls disclosure are concerned.

(c) legal framework and controls

There are no controls in place through the mandatory declaration of transportation of precious metals/stones at the EU external borders (i.e. not covered by the Cash Control Regulation). These assets are not easy to detect. Controls in the countries of destination outside the EU do not allow mitigating the risks (conversion of gold/diamond in cash in country of destination without CDD).

Conclusions: gold and other precious metals couriers are not properly monitored because of the limited awareness of the sector. The controls in place are weak and the reliance on cash increases the vulnerability. There are no controls in place for declaring movement of precious metals/stones at the EU external border. In that context, the level of TF vulnerability related to gold and other precious metals couriers is considered as very significant (level 4).

Money laundering

The assessment of the ML threat related to gold and other precious metals couriers shows that:

(a) risk exposure

The risk exposure is intrinsically linked to the cash based activity (anonymity, speediness). Hence the risk exposure is particularly important for this modus operandi.

(b) risk awareness

The sector shows limited awareness to the risks and the controls in place are particularly weak. LEAs have also noticed that criminal organisations use the benefit of the vagueness of the EU framework, in particular as far as cash controls disclosure are concerned.

(c) Legal framework and controls

There are no controls in place through the mandatory declaration of transportation of precious metals/stones at the EU external borders (i.e. not covered by the Cash Control Regulation). Those assets are not easy to detect. Controls in the countries of destination outside the EU do not allow mitigating the risks (conversion of gold/diamond in cash in country of destination without CDD).

Conclusions: gold and other precious metals couriers are not properly monitored because of the limited awareness of the sector. The controls in place are weak and the reliance on cash increases the vulnerability. There are no controls in place for declaring movement of precious metals/stones at the EU external border. In that context, the level of ML vulnerability related to gold and other precious metals couriers is considered as very significant (level 4).

Mitigating measures

The Commission will present a legislative proposal revising the cash control Regulation to further mitigate those risks. In order to provide competent authorities with adequate tools, the proposal intends to:

·Enable authorities to act on amounts lower than the declaration threshold of EUR10 000, where there are suspicions of criminal activity;

·Improve the exchange of information between authorities and Member States;

·Enable competent authorities to demand disclosure for cash sent in unaccompanied consignments such as cash sent in postal parcels or freight shipments;

·Extend the definition of 'cash' so as to also include precious commodities acting as highly liquid stores of value such as gold, and to prepaid payment cards which are currently not covered by the standard cash control declaration.

Product

Investment real estate

Sector

Real estate sector, independent legal professionals, notaries, credit institutions

Description of the risk scenario

Perpetrators are laundering the proceeds of crime in the country by investing in the real estate sector. Perpetrators purchase an asset at below market price, paying the difference to the seller under-the-table in cash. Under or over valuation of property: back-to-back loan which may involve financial institutions or mortgage schemes

Perpetrators may invest, as non-resident, in a country (through visa systems) and develop ML/TF network (including via the complicit legal professionals)

Threat    

Terrorist financing

The assessment of the TF threat related to investment in real estate has been considered in conjunction with ML schemes related to investment in real estate in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF threat related to investment in real estate of activities is considered as very significant (level 4)

Money laundering

The assessment of the ML threat related to investment in real estate has highlighted the recurrent use of real estate sector by organised crime organisations to launder proceed of crime. The real estate sector is mostly used in combination with other sectors, such as TCSPs or legal advice, but presents some threat exposure in itself. Reliance on real estate does not require specific expertise or knowledge, and may be rather financially attractive depending on the services provided.

Conclusions: based on the strong evidence gathered by LEAs identifying real estate as recurrently used in ML schemes and due to the fact that their services may be combined with those provided by other non-financial professionals, the level of TF threat related to real estate is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to investment in real estate has been considered in conjunction with ML schemes related to investment in real estate in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF vulnerability related to investment in real estate of activities is considered as very significant (level 4)

Money laundering

The assessment of the ML vulnerability related to investment in real estate shows that:

(a) risk exposure

Even if it is a decreasing phenomenon, the use of cash is still possible to finance real estate transactions, which increases the risk of anonymous transactions. More substantially, the risk exposure is increased by the fact that real estate agents are most of the time involved in a business relationship together with other professionals which hinder the effective monitoring of the business relationship (each sector relying on each other to conduct the controls). Real estate activities may be based on financial flows coming from outside the EU and high risk customers, such as PEPs.

(b) risk awareness

The level of awareness is uneven throughout the sector, and depends in particular on the size of the structure concerned. Bigger structures seem more aware of their risks to be misused and consider that they have a role to play in monitoring their customers. They are developing information and training tools, as well as risk assessments. Members of the sector are well aware about their legal obligations, such as cases where increased due diligence is required.

As far as small entities are concerned, this level of awareness is drastically lower because: (i) they are not necessarily integrated in a centralised organisational framework where guidance and training may be delivered; (ii) while they deal with a lower level of sales, they may have difficulty in understanding and applying a complex AML framework (this is the case in particular for single entrepreneurs); (iii) they tend to rely on other sectors to conduct the CDD. This last element tends to be a common feature of the whole sector, where real estate agents may consider that they are the sole responsible for the monitoring of the transactions as other professionals are involved. The same information may not be available at all stages of the transaction (for instance if the identity of the buyer changes for practical or commercial reasons) and this change does not appear at the beginning of the business relationship. The level of awareness of small entities depends on the extent of the training available.

In any case, the "scattering" of obliged entities involved does not simplify the implementation of controls and the understanding of the CDD to be applied. The supervision of the sector is also incomplete and based on weak information trails (no written contracts, solicitors used only to stamp a document).

(c) legal framework and controls in place:

Real estate agents are subject to AML requirements at EU level.

However, it appears that controls in place are not efficient enough. The involvement of several obliged entities in real estate transactions makes it more difficult for competent authorities to identify the role played by a real estate agent and in drawing red flags. On that matter, there are differences between countries as to the legal practices and procedures followed in a real estate transaction. In some countries, the estate agent is able to prepare the preliminary legal documentation (although a legal professional may be required to finalise the transaction), while in other countries, a solicitor prepares the legal documentation including the contract. The level of STRs is uneven, and when it's rather satisfactory, it is due to the reporting of obliged entities other than real estate agents (some real estate agents seem to consider that as they are not involved in the transfer of funds they are not in charge of the STR). The consequence is that investigative authorities may conduct their analysis but not on the basis of the real estate information. It is also important to mention that private sector representatives tend to consider that identification of the beneficial ownership remains an important challenge as the registration of such information is, at this stage, not mandatory. This is particularly the case when seller and buyer transact in "trust".

Conclusions: the real estate sector is not sufficiently organised to ensure raising a correct level of risk awareness. The involvement of different kinds of obliged entities in a real estate transactions/ business relationships tend to dissuade the sector to conduct its own customer due diligence. The level of STR is not satisfactory; the controls difficult to implement and there is a weak information trail. In that context, the level of ML vulnerability related to real estate sector is considered as significant/very significant (level 3/4).

Mitigating measures

1) for competent authorities

·Member States should ensure that competent authorities/self-regulatory bodies supervising real estate sector produce an annual report on supervisory measures put in place to ensure that the sector accurately apply its AML/CFT obligations. When receiving suspicious transaction reports, self-regulatory bodies shall report annually on the number of reports filed to the FIUs.

·On-site inspections commensurate the population of the real estate representatives in the Member State's territory.

2) for Member States

·Member States should provide guidance on risk factors arising from real estate transactions and specific training to face situations where several professionals are involved in the real estate transaction (estate agent, legal professional, financial institution).

Product

services from accountants, auditors, tax advisors

Sector

External accountants, auditors, tax advisors 

General description of the sector and related product/activity concerned

Tax advisers perform a range of different professional activities. In the area of tax advice, the main ones could be grouped as follows:

·Tax compliance: Preparation of tax returns, social security and payroll, compliance with various statutory reporting, registration or publication requirements;

·Advisory: Advice on specific tax-related questions that do not occur on a regular basis (e.g. inheritances, mergers or spin-offs, insolvencies, setting up of a company, purchase of immovable property), tax investigation, tax planning / tax optimisation;

·Tax litigation and appeals, advice on these proceedings, representation in criminal tax cases.

The main activities of tax advisers differ from country to country, depending on whether the tax profession is organised more similar to accountants or to lawyers.

In 7/22 countries (BE, ES, GR, IE, PT, RO, SK), tax advisers may not represent their clients before tax (or, where applicable, administrative) courts as this can only be done by lawyers; in Ireland and Spain however tax advisers may represent clients before tribunals in an appeals procedure. In 8 countries (FI, IT, LV, LU, NL, PL, CH, UK), tax advisers may represent their clients before court in fiscal matters but not in criminal tax matters (in Luxembourg, this refers to representation by accountants before the court in first instance). In 6 countries (AT, CZ, DE, HR, RU, UA), tax advisers may also represent their clients in criminal tax matters (although that does not take place in practice in CZ and HR). In 8 countries (AT, DE, FI, LV, NL, PL, RU, UA), tax advisers may represent their clients before the Supreme Court in tax matters while Austria and Finland point out that this applies only to the Supreme Administrative Court. In France, tax advisers are lawyers.

Whether or not tax adviser is a separate profession in a country, few tax advisers practice exclusively in tax. As tax is often related to other areas, it is common that tax advisers provide services in these fields as well (accounting, pension, consulting, legal, advice on company law, audit or arbitration).

At EU level, apart from the Treaty on the Functioning of the EU, a number of European directives have an impact on the tax profession:

- Professional Qualifications (PQ) Directive 2005/36/EC,

- Services Directive (2006/123/EC),

- Directives covering temporary services (1977/249/EEC) and establishment (1998/5/EC) of lawyers

- Directive 2005/60/EC

- Directive 2011/83/EU comes into play where tax advisers have consumer clients

- Directive 2000/31/EC applies to cross-border tax advisory services

No consolidated data on external accountants and auditors were provided at the time of the analysis. Statistics presented in Annex 4 give an indication of the size of the sector.

Description of the risk scenario

Perpetrators may employ or require the services of accountants, auditors or tax advisors with a more or less level of involvement of the accountant, auditor or tax advisor himself with the aim to:

- misuse client accounts,

- purchase of real property,

- creation of trusts and companies/ management of trusts and companies,

- undertaking certain litigation, setting up and managing charities

- over or under-invoicing or false declaration around import/export goods.

- providing assurance

- tax compliance

They may be involved in ML schemes through the creation of 'opaque structures' defined as business structures where the true identity of the owner(s) of entities and arrangements in that structure is concealed through the use of, for example, nominee directors. The creation of such structure often set up in multiple jurisdictions including offshore centres is complicated and requires both regulatory and tax services of professionals.

Threat    

Terrorist financing

The assessment of the TF threat related to services from accountants, auditors, tax advisors has been considered in conjunction with ML schemes related to services from accountants, auditors, tax advisors in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF threat related to services from accountants, auditors and tax advisors is considered as very significant (level 4)

Money laundering

The assessment of the ML threat related to services from accountants, auditors and tax advisors presents some commonalities with legal advice from legal professionals.

- as it is the case for all other legal activities, risk of infiltration or ownership by organised crime groups is a ML threat for accountants, auditors and tax advisors. These professionals may be unwittingly involved in the money laundering but may be also complicit or wilfully negligent in conducting their customer due diligence obligations.

- LEAs have evidence that organised crime organisations recurrently used tax advisors advice and seek out the involvement of this sector in their ML schemes. The reliance on tax advisors services is considered as a viable means to put in place ML schemes either because the involvement of this professional is needed to carry out certain type of activities or because access to specialised tax expertise and skills may assist the laundering of the proceeds of crime. Access to tax advisors legal services is quite easy and does not require specific competences or expertise in itself. As far as the setting up of the ML scheme is concerned, criminal organisations rely on these professions' skills which allow them not to develop these competences themselves. In addition, there is evidence that some criminals seek to co-opt and knowingly involve tax advisors in their money laundering schemes. Often however the involvement of tax advisors is sought because the services they offer are essential to the specific transaction being undertaken and they add respectability to the transaction.

Conclusions: Services from tax advisors/auditors/accountants are recurrently used in ML schemes, are considered as easily accessible and seen by organised crime organisations as a way to compensate their lack of expertise.

In that context, the level of ML threat related to services from accountants, auditors and tax advisors is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to services from accountants, auditors, tax advisors has been considered in conjunction with ML schemes related to services from accountants, auditors, tax advisors in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusions: in that context, the assessment of the TF vulnerability related to services from accountants, auditors and tax advisors is considered as significant (level 3) similar to ML

Money laundering

The assessment of the ML vulnerability related to services from accountants, auditors and tax advisors shows that

(a) risk exposure of this sector is impacted by the fact that this sector could be quite often involved in the management of complex transactions involving tax related advice. These transactions may expose the sector to customers who may present high risk features (such as politically exposed persons for instance) or to complex legal entities or legal arrangements where the identification of the beneficial owner is particularly challenging. At the same time, this sector presents high ability to manage tax matters related to these complex legal entities and legal arrangements, as they constitute their core business.

(b) risk awareness:

Accountants, auditors and tax advisors are required to adhere to strict ethical or professional rules. They tend to consider that this should therefore be a sufficient deterrent to ML and TF occurring in or through their sector. It is nevertheless worth noting that this sector may also be infiltrated by organised crime organisation and that the supervisory bodies are not still well equipped to detect this kind of abuse (i.e. lack of fit and proper test requirement).

This sector benefits from a strong organisation framework at EU level. For instance, the Confédération Fiscale Européenne (CFE) embraces 26 national organisations from 21 European States, representing more than 200 000 tax adviser. Accountancy Europe unites 50 professional organisations from 37 countries that represent close to 1 million professional accountants, auditors, and advisors. The role of these organisations is to ensure exchange of information about national laws relevant to their sector and to co-ordinate respectively on EU legislation. It is nevertheless not always a guarantee of high quality cooperation with competent authorities. In addition, competent authorities and FIUs tend to consider that accountants, auditors and tax advisors are still not aware enough about the risks posed by opaque structures and mechanisms that are put in place to obscure the beneficial ownership.

(c) legal framework and controls

Accountants, auditors and tax advisors are subject to the EU anti-money laundering requirements since 2001. They shall apply customer due diligence where they participate, whether by acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning or carrying out of transactions for their client concerning the (i) buying and selling of real property or business entities; (ii) managing of client money, securities or other assets; (iii) opening or management of bank, savings or securities accounts; (iv) organisation of contributions necessary for the creation, operation or management of companies; (v) creation, operation or management of trusts, companies, foundations, or similar structures.

Tax advisors, accountants and auditors represent a quite complex and diverse professional sector. Generally speaking, it is characterised by long-term business relationships which increase ability of professionals to detect unusual transactions or behaviour. Nevertheless, other activities which relate to one specific tax advice on a related transaction, that occur only once or at irregular intervals may lead the professional to fulfil its task without having a full understanding of his customer's financial situation. This variety has an impact on the level of the reporting that is better than lawyers, whilst still rather low. This low level of STRs is sometimes justified by the sector by the fact that, in this field, the professional in charge does not process or initiate a financial transaction on his customer's behalf. Red flags are not based on the transaction but on any unusual patterns of behaviour. Some of the work of accountants and tax advisors may include an element of investigation and auditing that may constitute useful intelligence for possible STRs.

Given that opaque structures can be created through many jurisdictions, including offshore centres, professionals avail of an opportunity to take advantage of tax and regulatory differences to sell professional services.

Conclusions: accountants, auditors and tax advisors are better organised than other legal professionals. However, they suffer from the same weaknesses as far as the controls and the management of the risks (BO in particular) are concerned. In that context, the level of ML vulnerability related to services from accountants, auditors and tax advisors is considered as significant (level 3).

Mitigating measures

1) for the Commission

·in the context of Directive (EU) 2015/849:

- transposition checks on the implementation of transparency requirements for beneficial ownership information (registration): Member States should notify technical elements of their national AML/CFT regime ensuring transparency requirements for beneficial ownership information;

- transposition checks on the implementation of identification requirements for beneficial ownership information (definition of the beneficial owner): Member States should notify technical elements of their AML/CFT regime related to beneficial owner definition

·in the context of Commission's proposal COM(2016)450: reinforcing the transparency requirements for beneficial ownership information on legal entities and legal arrangements

2) for competent authorities

·Member States should ensure that competent authorities/self-regulatory bodies supervising auditors, external accountants and tax advisors produce an annual report on supervisory measures put in place to ensure that the sector accurately apply its AML/CFT obligations. When receiving suspicious transaction reports, self-regulatory bodies shall report annually on the number of reports filed to the FIUs.

·On-site inspections commensurate to the population of auditors, external accountants and tax advisors representatives in the Member State's territory.

3) for Member States

·Member States should provide guidance on risk factors arising from transactions involving auditors, external accountants and tax advisors.

·Promote a better understanding for interpreting and applying the legal privilege by auditors, external accountants and tax advisors. Member States should issue guidance on implementation of the legal privilege: how to split between legal services subject to the very essence of legal privilege and other legal services not subject to legal privilege when provided to a same client. .

Product

Legal service from legal professionals

Sector

Independent legal professionals, lawyers, notaries

Description of the risk scenario

Perpetrators may employ or require the services of a legal professional (such as lawyers, notaries and other independent legal professions) with a more or less level of involvement of the legal professional himself:

- misuse of client accounts,

- purchase of real property,

- creation of trusts and companies/ management of trusts and companies,

- undertaking certain litigation

They may be involved in ML schemes through the creation of 'opaque structures' defined as business structures where the real identity of the owner(s) of entities and arrangements in that structure is concealed through the use of, for example, nominee directors. The creation of such structures often set up in multiple jurisdictions including offshore centres is complicated and requires both regulatory and tax services of professionals.

Threat    

Terrorist financing

The assessment of the TF threat related to legal service from legal professionals has been considered in conjunction with ML schemes related to legal service from legal professionals in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF threat related to services from legal professionals is considered as very significant (level 4)

Money laundering

The assessment of the ML threat related to legal services from legal professionals presents some commonalities with legal services from accountants, auditors and tax advisors.

- as it is the case for all other legal activities, risk of infiltration or ownership by organised criminal groups is a ML threat for accountants, auditors and tax advisors. These professionals may be unwittingly involved in the money laundering but may be also complicit or wilfully negligent in conducting their customer due diligence obligations.

- LEAs reported that organised crime organisations recurrently used legal services from legal professionals and seek out the involvement of this sector in their ML schemes. The reliance on legal professionals is considered as a viable means to put in place ML schemes either because the involvement of a legal professional is required to carry out certain type of activities or because access to specialised legal and notarial skills and services may assist the laundering of the proceeds of crime. In the case of lawyers in particular, they are exposed to misuse by criminals because engaging a lawyer adds respectability and an appearance of legitimacy to any activities being undertaken, while providing services which are methods that criminals can use to facilitate money laundering.

Access to legal professionals is not considered as particularly complex to criminal organisations. For criminal organisations, relying on legal professions' skills is a way to avoid developing these competences themselves.

Conclusions: according to LEA information, legal professionals are recurrently used in ML schemes. They are considered as easily accessible and the reliance on legal professionals allow organised criminal organisations to limit their expertise or knowledge's needs, and to bring a "stamp approval" to their actions. In that context, the level of ML threat related to legal professionals (lawyers, notaries and other independent legal professionals) is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to legal service from legal professionals has been considered in conjunction with ML schemes related to legal service from legal professionals in order to hide the illegal origin of the funds. In that context, the TF threat does not benefit from a separate assessment.

Conclusion: in that context, the assessment of the TF threat related to services from legal professionals is considered as significant (level 3)

Money laundering

The assessment of the ML vulnerability related to legal advice from legal professionals shows that:

(a) risk exposure:

The risk exposure of this sector is affected by the fact that it could be quite often involved in the management of complex legal situations. In particular, the fact that legal services do not necessarily lead to handling proper financial transactions requires from legal professionals to trigger other kind of red flags that are more difficult to define (customer's behaviour).

(b) risk awareness:

The sector is not homogeneously organised (scope of legal professionals varies from one Member State to another) even though some EU organisations exist and play an important role in providing information on the application of AML/CFT requirements, in providing guidance and facilitating the exchange of information. They help in particular in setting up a list of red flags that members of the sector can use: client's behaviour or identity, concealment techniques (use of intermediaries, avoidance of personal contact), size of funds (disproportionate amount of private funding). The profession seems to be aware of some risks such as when the customer gives instruction from a distance about transactions, without legitimate reason or when there is a change in legal advisor a number of times within a short space of time or engagement of multiple legal advisers without good reasons.

In general, the level of STR reporting is very low when dealing with legal professionals. According to FIUs, this is much more the case when legal professionals rely on self-regulatory bodies (SRBs), as allowed under the EU AML framework. Indeed according to the EU AML framework, these SRBs shall forward the suspicious transactions reports to the FIU "promptly and unfiltered". Based on the information provided by the private sector, the reliance on SRBs is required by 6 Member States national laws (Belgium, Czech Republic, France, Germany, Greece, Luxembourg) while for 19 other Member States the law does not require that STRs should be sent to the SRB instead of the FIU (Austria, Cyprus, Estonia, Finland, Hungary, Ireland, Italy, Latvia, Lithuania, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom). In Denmark, the reliance on an SRB is left to the lawyer's discretion who can ask the bar for advice/an opinion before reporting to the FIU. If the lawyer decides to ask the bar for advice, the lawyer should not contact the FIU until the bar has provided its opinion on whether or not to bring the case forward to the FIU. FIUs reported that when provided by national laws or used by lawyers on their own decision, these SRBs may act as "filters" of the STR which led to a very low level of reporting (if at all). The quality of the supervision of the sector is also considered as too weak, due to differences in the organisation of the sector at national level.

(c) legal framework and controls

Notaries, lawyers and other independent legal professionals are subject to the EU anti-money laundering requirements since 2001. They shall apply customer due diligence where they participate, whether by acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning or carrying out of transactions for their client concerning the (i) buying and selling of real property or business entities; (ii) managing of client money, securities or other assets; (iii) opening or management of bank, savings or securities accounts; (iv) organisation of contributions necessary for the creation, operation or management of companies; (v) creation, operation or management of trusts, companies, foundations, or similar structures.

Legal professionals are organised and regulated in different ways depending on the Member States concerned. In addition, regulators and FIUs consider that the level of controls applied by legal professions' competent authorities is too weak. Legal services are also often carried out face-to-face which present a specific challenge for the protection of employees.

The legal privilege is a recognised principle at EU level which reflects a delicate balance in light of the European Court of Justice ECJ case law on the right to a fair trial (C-305/05), itself reflecting the principles of the European Court of Human Rights as well as of the Charter (such as article 47). At the same time, there are cases where these professionals sometimes conduct activities that are covered by the legal privilege (i.e. ascertaining the legal position of their client or defending or representing their client in judicial proceedings) and at the same time activities that are not covered by the legal privilege, such as providing legal advice in the context of the creation, operation or management of companies. It appears that in such situations, sometimes legal professionals might treat all these activities as captured by the legal privilege principle which might lead to the non-compliance with AML/CFT obligations for parts of the activities. The remit of confidentiality, legal professional privilege and professional secrecy varies from one country to another, and the practical basis on which this protection can be overridden is not always clear or easily understood. This may hinder (i) the STR requirement and related investigative actions (while legal professionals may cease to act but not make an STR when legal professional privilege or professional secrecy applies), and (ii) the exchange of information between FIUs. This aspect of the legal professionals' activity is particularly important, as it may increase criminal organisations' perception that legal privilege is designed to protect them. It also plays a role in the weaknesses identified in that sector to identify red flags in particular as far as beneficial ownership identification is concerned.

Conclusions: risk awareness of the sector is limited due to the organisational framework and the interpretation/scope of the legal privilege principle. Despite a legal framework in place, the number of STRs is still very low and the supervision of the sector does not ensure a proper monitoring of the possible ML abuses. In that context, the level of ML vulnerability related to legal advice from legal professionals is considered as significant (level 3).

Mitigating measures

1) for the Commission

·in the context of Directive (EU) 2015/849:

- transposition checks on the implementation of transparency requirements for beneficial ownership information (registration): Member States should notify technical elements of their national AML/CFT regime ensuring transparency requirements for beneficial ownership information;

- transposition checks on the implementation of identification requirements for beneficial ownership information (definition of the beneficial owner): Member States should notify technical elements of their AML/CFT regime related to beneficial owner definition

·in the context of Commission's proposal COM(2016)450: reinforcing the transparency requirements for beneficial ownership information on legal entities and legal arrangements

2) for competent authorities

·Member States should ensure that competent authorities/self-regulatory bodies supervising independent legal professionals, lawyers, notaries produce an annual report on supervisory measures put in place to ensure that the sector accurately apply its AML/CFT obligations. When receiving suspicious transaction reports, self-regulatory bodies shall report annually on the number of reports filed to the FIUs.

·On-site inspections commensurate to the population of independent legal professionals, lawyers, notaries representatives in the Member State's territory

3) for Member States

·Member States should provide guidance on risk factors arising from transactions involving independent legal professionals, lawyers, notaries.

·Promote a better understanding for interpreting and applying the legal privilege by notaries and independent legal professionals. Member States should issue guidance on implementation of the legal privilege: how to split between legal services subject to the very essence of legal privilege and other legal services not subject to legal privilege when provided to a same client..

·Self-regulatory bodies should make efforts to increase the number of thematic inspections and reporting. They should also organise training to develop a better understanding of the risks and AML/CFT compliance obligations.

General description of the sector and related product/activity concerned

The 4th Anti-Money Laundering Directive ("4AMLD") defines a gambling service as a service which involves wagering a stake with monetary value in games of chance, including those with an element of skill, such as lotteries, casino games, poker games and betting transactions that are provided at a physical location, or by any means at a distance, by electronic means or any other technology for facilitating communication, and at the individual request of a recipient of services.

The term "gambling" thus refers to a range of different services and distribution channels. For the purpose of this risk assessment, the gambling sector has been split into land-based (offline) and online gambling, with the land-based sector further divided into betting, bingo, casinos, gaming machines, lotteries and poker. A further division into different online gambling products has not been considered necessary, at this stage, for this purpose as the relevant risks, threats and vulnerabilities appear to be primarily linked to the nature of online transactions generally rather than to specific forms of online gambling.

There is no sector-specific EU legislation on gambling; Member States are free to set the objectives of their policy and to define the level of protection sought for the purpose of protecting consumers and preventing criminality, including money laundering. However, the provisions of the EU Treaty apply. The Court of Justice of the European Union has provided general guidance on the interpretation of the fundamental internal market freedoms in the area of gambling, taking into account its specific nature. While Member States may restrict or limit the cross-border supply of gambling services on the basis of public interest objectives that they seek to protect, they are required to demonstrate the necessity and suitability of the measures in question and that they are being pursued in a consistent and systematic manner.

The gambling sector in the EU is thus highly diverse, ranging from monopolistic regimes (run by a state-controlled public operator or by a private operator on the basis of an exclusive right) to licensing systems, or a mix thereof. In response to the societal, technological and regulatory challenges and developments, a significant number of Member States has and/or are in the process of reviewing their gambling legislation taking into account new forms of gambling services, which has led to an increase in the offer of gambling services by operators authorised in an EU Member States as well as cross-border offers not authorised under national rules in the recipient Member State.

The gambling sector is characterised by fast economic growth and technological development. For example, online gambling revenues in the EU were estimated at around EUR 16.5 billion in 2015, and expected to rise to around EUR 25 billion by 2020. The revenue of the offline/land-based gambling market is equally expected to increase from around EUR 77.5 billion in 2015 to around EUR 82-84 billion in 2020.

Through non-legislative actions, pursuant to the 2012 Communication “Towards a comprehensive European framework for online gambling” (COM (2012) 596 final), the Commission has encouraged Member States to provide a high level of protection, in particular in the light of evidence concerning risks associated with gambling that include the development of addictive disorders and other negative personal and social consequences. In particular, in a Recommendation on the principles for the protection of consumers and players of online gambling services and for the prevention of minors from gambling online (2014/478/EU), the Commission sets out practices aimed at limiting social harm, some of which may be relevant for anti-money laundering purposes, for example registration and verification processes.

In addition, effective supervision is necessary for the appropriate protection of public interest objectives. Member States should designate competent authorities and lay down clear guidance for operators, also in view of anti-money laundering. The Commission’s Expert Group on Gambling Services brings together gambling regulators from all EEA jurisdictions for regular meetings which offer the opportunity to discuss common challenges and exchanges best practices, which, for example, has resulted in a Cooperation Arrangement between the gambling regulatory authorities of the EEA Member States concerning online gambling services (signed by most Member States in 2015).

Controlling the growing, so-called, unauthorised gambling offer and channelling unauthorised gambling offers into the authorised, regulated gambling sector are some of the most important and challenging tasks for regulators across the EU. Across the EU, millions of consumers are estimated to gamble on unauthorised online gambling sites. In connection to this, it is also necessary to create awareness about the inherent risks of unregulated gambling websites, such as fraud, that are outside any form of control at the level of the Union. The extent of such unauthorised, usually online, offers, vary considerably from Member State depending to a large extent the well-functioning of the authorised market.

The unauthorised market, risks and control thereof is outside the scope of this exercise, based on the assumption that it is not possible to directly launder money through an illegal activity (winnings would remain illegal). However, regulators and obliged entities should be aware of online techniques which may make it possible to disguise the true identity of users and sources of money while creating the appearance of legitimate transactions and thus allowing the money to be used in future transactions in legal markets.

Application of 4AMLD

Following the requirements of AMLD4, the whole gambling sector service providers are subject to AML/CFT requirements at the stage of the collection of winning, the wagering of a stake, or both, when carrying out transactions amounting to EUR 2000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked.

However, with the exception of casinos, Member States may decide – in proven low-risk circumstances - to exempt certain gambling services from the AMLD4 requirements. The use of an exemption by a Member State should be considered only in strictly limited and justified circumstances. Such exemption should be subject to a specific risk assessment, including the nature and scale of operations of such services and the degree of vulnerability of applicable transactions, and shall be notified to the Commission together with a justification based on the specific risk assessment. In their risk assessments, Member States shall indicate how they have taken into account any relevant findings in the reports issued by the Commission in the framework of the supranational risk assessment.

Product

Betting (land-based/offline)

Sector

Gambling sector

General description of the sector and related product/activity concerned

Offline, or land-based, betting services (including horse and dog racing, event betting) offered in dedicated authorised outlets, by authorised retailers (who receive a commission on each bet but also offer other services) or in areas where sport events take place (often horse or dog race tracks). The amount of the prize can either depend on the total amount of the pre-paid stakes (i.e. the so-called “totalisator systems”, pari mutuel or “pool betting”) or on the stake-winnings ratio that is agreed between the bookmaker and the player (i.e. pari à la cote or “fixed-odds betting”). The number of service providers that can offer betting services in a Member State may be fixed (including to a single monopoly provider) or open to a non-restricted number of operators that meet certain criteria. Minimum and/or maximum numbers of retail outlets per licenced provider can also be defined.

Description of the risk scenario

Three basic scenarios have been identified:

(1) a perpetrator places a bet and cashes in the winnings (conversion);

(2) a perpetrator deposits cash into their betting account and withdraws it after a period of time without actually staking it (concealment);

(3) a perpetrator places money in a betting account in one location and an accomplice withdraws the funds in another location (concealment, disguise and transfer).

A perpetrator can increase their odds of winning by placing bets on a series of events which will give more favourable accumulated odds -or reduce the risk of losing by hedging bets (i.e. betting on both possible outcomes of the same event).

A perpetrator can also remove any uncertainty altogether by approaching a winner and purchasing the winning betting slip.

Threat    

Terrorist financing

The assessment of the TF threat related to betting activities has not been considered as relevant. In that context, the TF threat is not part of the assessment.

Conclusions: not relevant

Money laundering

The assessment of the ML threat related to betting activities shows that:

- as it is the case for all other gambling activities, one of the ML threats related to betting activities is the risk of infiltration or ownership by organised crime groups.

The level of threat related to the risk of infiltration may vary depending on the structure where the betting activities occur. In the case of national sport betting monopolies, the risk of infiltrating the ownership of the sport betting operator itself is close to inexistent. However, it is possible that individual retailers on which they rely to sell their betting services to end customers could be infiltrated.

The infiltration by organised crime organisations in betting activities requires moderate levels of planning or technical expertise, and relies mostly on mechanisms allowing concealing the identity of the beneficial owner, such as the registration of assets under the name of third parties (frontmen).

- another recurring threat is match-fixing. Investigations have shown that criminal groups use betting (to profit from fixing sport competitions in the EU). Agents and intermediaries corrupt or intimidate players and/or referees to guarantee their desired outcome in a match, while agents place huge amounts of money betting online, or offline, outside the EU. In such case, match fixing requires contacts (and normally money transfers) between gamblers, players, team officials, and/or referees. A related threat is betting on fictitious matches, or events, although this is rather linked to online betting.

- finally, purchasing of winning tickets to ensure winnings may represent another criminal groups intent to launder money.

Conclusion: Law enforcement authorities have identified several modi operandi that may be used by organised crime groups when dealing with betting activities. Beyond the horizontal threat which is the risk of infiltration and ownership, the other important aspect is match-fixing. The intent and capabilities of organised crime groups to use these modi operandi require moderate levels of planning, knowledge and expertise, given that they are perceived as rather attractive and secure to achieve a financially viable option.

In that context, the level of ML threat related to betting activities is considered as significant (level 3)

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to betting activities has not been considered as relevant. In that context, the TF threat is not part of the assessment.

Conclusions: not relevant

The assessment of the ML vulnerability related to betting activities shows:

(a) risk exposure:

Betting activities are characterised by significant volumes of speedy and anonymous transactions, frequently cash based. While the use of cash is reducing due to alternative betting methods, it still represents more than 50% of turnover in some countries. Cash is used essentially for confidentiality or reputational reasons by many bettors.

According to industry experts, possible red flags are bets accepted with large stakes at extremely short odds which are likely to guarantee a return; customers regularly requesting copies of winning bets or receipts of winning tickets; customers paying in cash and regularly requesting winnings to be paid via cheque or by debit card; customers regularly requesting receipts when collecting machine winnings.

(b) risk awareness:

- according to the FIUs the betting sector is not sufficiently aware of the risks as demonstrated by a low level of STRs, as well as their poor quality.

- vulnerability to ML risks is significantly increased by the reliance on distribution networks (kiosks, retailers, points of sale) which are not necessarily submitted to AML/CFT requirements. The identification of the customer is under the responsibility of individual retailers working for the betting operator who may not always have the possibility to detect suspicious transactions (e.g. cumulative bets, division of high bets or unusual bets), depending on how relationships between operators and retailers are organised. The level of STRs is uneven and part of the sector is still not well aware about the risks and/or what types of transactions to report (no consistent reporting obligations).

- according to representatives of the betting sector, there are wrong perceptions and lack of understanding from FIUs and other competent authorities about the risk factors inherent to betting. It seems that FIUs have some a priori on the type of suspicions a gambling operator shall report (FIUs expect suspicious cases of match-fixing while the operator tends to report anomalous amounts in the transaction). Betting operators are suffering from a lack of feedback from FIUs about the STRs.

In addition, betting operators are developing CDD requirements that could mitigate the risks of ML. Even in absence of national requirements to do so, some betting operators are imposing systematic identification of winners (over a certain amount), focusing on the beneficial owner for instance. They could also offer payment methods to limit the use of cash and deploy players' cards to increase operator's knowledge of its customers.

(c) legal framework and controls:

Betting activities are not covered by the current EU AML framework (3AMLD). However, based on its minimum harmonisation principles, some Member States have already extended their national AML/CFT regimes to betting . This has created discrepancies from one Member State to another in terms of regulation, supervision of the sector and enforcement of AML/CFT rules.

Despite the absence of EU legal requirements, certain Member States have already put in place legislation covering ML aspects of betting, and/or specific requirements in licensing agreements. When this is the case, regulations in place tend to be strict both at the level of the granting of an authorisation (fit and proper AML check of key personnel) and at the level of ongoing reporting obligations. These reporting obligations shall occur each time there are any concerns in relation to the customer, such as knowing whether the staking and loss levels are a cause for concern relating to AML/CFT or whether the customer gambling's habits are consistent with his lifestyle). This implies an effective internal reporting process and a good AML knowledge both from the management and the staff. In that respect, some national legislation requires from the betting sector to conduct a sectorial risk assessment showing that suitable controls and procedures are in place.

However, although some rules are already in place in certain Member States, competent authorities still have concerns about the enforceability of the controls, in particular the monitoring of the bets to detect ML risks in real time and the possibility to suspend the bets in case of suspicion. Given the nature of betting activities (including high-volume or sometimes last- minute betting), it appears challenging to put in place an accurate CDD regime and this needs to be addressed. The reliance on retailers presents an additional level of uncertainty in terms of CDD, considering that some points of sale are not exclusively dedicated to betting and do not have the possibilities and the means to operate such controls (knowing that betting could occur in bars, restaurants, supermarkets, book-shops or gas stations).

Conclusion:

Betting activities do not represent a homogeneous business model, nor are they covered by coherent AML/CFT rules at national level. From a vulnerability assessment point of view, the lack of harmonised AML/CFT regime plays an important role. While it is undeniable that nationally, some betting operators are well aware about their ML/TF risks and their corresponding obligations, it is still uncertain whether they are able to put in place accurate and comprehensive controls due to the characteristics of betting activities (significant volumes of speedy and anonymous transactions, often cash based). Current legislation or rules set out in licence conditions could be improved to better ensure sufficient controls, although the vulnerability assessment shows that risk awareness seems to have increased within betting operators which have started developing some mitigating measures (such as systematic controls above a threshold or alternative payment tools to limit the use of cash).

The apparent lack of understanding by competent authorities and FIUs on the functioning of the betting activities is another obstacle to good AML/CFT risk assessment and guidance. The low level of feedback from FIUs constitutes also a weakness in the mitigation of AML/CFT risks.

In that context, the level of ML vulnerabilities related to betting activities is considered as significant (level 3).

Mitigating measures

1) For competent authorities

·Member States should improve cooperation between relevant authorities (FIUs, LEAs, police, sectorial regulatory bodies such as gambling regulators) to better understand the risks factors inherent to betting activities and to be able to provide efficient guidance.

·Member States should ensure a regular cooperation between relevant authorities and betting operators. This better cooperation will focus on:

- strengthening the detection of suspicious transactions and to increase the number and the quality of the STRs;

- organising training sessions of the staff and compliance officers, with particular focus on risks of infiltration or ownership by organised crime groups and risk assessments of their products/business model to be reviewed regularly;

- provision by supervisory authorities of clearer guidance on AML/CFT risks, on CDD and on STR requirements and how to identify the most relevant indicators to detect money laundering risks;

- ensuring that FIUs provide feedback to betting operators about the quality of the STR, ways to improve the reporting and about the use made of the information provided in, preferably within a set period of time;

- developing standardised STR/SAR template(s) at EU level taking into account specificities of gambling sector

2) For the sector

·Member States should ensure that betting operators organise training sessions of the staff, compliance officers and retailers on a regular basis, with particular focus on risks of infiltration or ownership by organised crime groups and risk assessments of their products/business model to be reviewed regularly;

·Member States should ensure that betting operators promote player's cards, or use of electronic identification schemes, to facilitate the identification of the customer and to limit the use of cash, and real-time monitoring systems to identify suspicious transactions at point of sales;

·Member States should ensure that betting operators designate an AML officer at the premises when it is not already the case

·Member States should ensure that betting operators promote systematic risk-based CDD of the winners, and promote a lower threshold of winnings subject to CDD (currently at EUR 2000 as provided by Article 11 d) of Directive (EU) 2015/849).

3) For the Commission

The Commission should provide guidance on Article 11(d) concerning the implementation of CDD in case of "several operations which appear to be linked".

Product

Bingo (land-based/offline)

Sector

Gambling sector

General description of the sector and related product/activity concerned

Offline or land-based, bingo is a game of chance, in which the player uses a scorecard or an electronic representation thereof bearing numbers and is played by marking or covering numbers identical to numbers drawn by chance, whether manually or electronically, and won by the player who first marks or covers the “line” which is achieved when, during one game, for the first time all five numbers on one horizontal row on one scorecard are drawn; or the “house” or “bingo” is achieved when, during one game, for the first time all the numbers on one scorecard are drawn.

Prizes may be given in kind (vouchers), paid immediately at the gambling venue, or given as cash prizes. They can also consist in household items, novelty items or food. In some Member States, limited money prizes are nevertheless possible and in other Member States, nothing prevents providers of bingo services from offering purely cash prizes. Bingo is primarily a locally based, SME-driven activity which rarely transcends national borders. While in most Member States bingo is considered a game of chance, in many others it is considered a form of lottery.

Description of the risk scenario

A perpetrator purchases cards - traditionally with cash - on which a random series of numbers are printed. Players mark off numbers on their cards which are randomly drawn by a caller (employed by the gambling operator), the winner being the first person to mark off all their numbers. A winning card could be purchased for a higher amount, like a lottery ticket or betting slip.

Threat    

Terrorist financing

The assessment of the TF threat related to bingo has not been considered as relevant. In that context, the TF threat is not part of the assessment.

Conclusions: not relevant

Money laundering

The assessment of the ML threat related to bingo shows that:

- as it is the case for all other gambling activities, one of the ML threat related to bingo activities is the risk of infiltration or ownership by organised crime groups. The level of threat related to the risk of infiltration may vary depending on the structure where bingo activities occur. In case of bingo, it appears that infiltration occurs when street criminals run bars where bingo draws are not controlled and may be used for ML purposes (make the funds licit while coming from illegitimate origin).

- except the risk of infiltration, this risk scenario is rarely used by criminals to launder proceed of crime due to the fact that it is financially not very attractive as amounts at stake are quite small and outcome insecure (drawings based on chance).

Conclusions: 

Beyond the horizontal threat which is the risk of infiltration and ownership, bingo is not considered by LEAs and other competent authorities as an attractive scenario to launder proceeds of crime. The chance component of bingo makes it rather unattractive and highly insecure. There are few indicators that criminals have the capabilities and intent to use it, and in any case, it would likely be for very low amounts of winning.

In that context, the level of ML threat related to bingo is considered as lowly significant (level 1).

Vulnerability

Terrorist financing

The assessment of the TF vulnerability related to bingo has not been considered as relevant. In that context, the TF threat is not part of the assessment.

Conclusions: not relevant

Money laundering

The assessment of the ML vulnerability related to bingo shows:

(a) risk exposure:

The scale of bingo's activities is rather limited and represents a low level of financial transactions. When played offline, the activity is mostly cash based. It relies on relatively low stakes and winnings, with prices often in kind. It involves no or very low level of high risk customers and/or high risk areas.

(b) risk awareness :

Considering the absence of cases where bingo has been used to launder proceeds of crime, this component is difficult to assess. Equally, it has not been possible to determine if the lack of ML cases is due to the high level of awareness of ML risks or rather to the low level of intent of criminal organisations to use this scenario.

(c) legal framework and controls:

Bingo activities are not covered by the current EU AML framework (3AMLD). However, based on minimum harmonisation principles of it, some Member States have already extended their national AML/CFT regimes to bingo. This has created discrepancies from one Member State to another in term of regulation, supervision of the sector and enforcement of AML/CFT rules.

In the case of bingo, this gambling activity does not exist in all Member States, but where it exists, it should be subject to AML regulation. At national level, bingo operators may either be covered under the regulation of casinos or they may benefit from a specific regulation (e.g. football club owning its own bingo house). Representatives of the bingo sector have mentioned that thresholds are put in place for systematic identification, which has been confirmed by competent authorities which tend to confirm that controls are in place and that they are rather efficient. Once again, the relatively low levels of amounts at stake and/or winnings play a role in the overall vulnerability assessment.

Conclusion: The characteristics of bingo makes it lowly vulnerable to ML risks. It is largely based on chance, with fairly low stakes and winnings (often in kind). Although mainly cash based, this activity does not involve particularly high amounts of stakes. In countries with bingo activities, it should be subject to AML/CFT rules with controls in place which seem rather efficient and satisfactory. It should be noted that the risk awareness component was not possible to assess properly due to the lack of reported cases. In that context, the level of the ML vulnerability is considered as lowly significant (level 1).

Mitigating measures

Member States should ensure that bingo operators organise training sessions of the staff and compliance officers on a regular basis, with particular focus on risks of infiltration or ownership by organised crime groups and risk assessments of their products/business model to be reviewed regularly. In view of this they should also continue monitoring bingo activities to identify possibly future risks.

Product

Casino (land-based/offline)

Sector

Gambling sector

General description of the sector and related product/activity concerned

In several countries (Belgium, the Czech Republic, France, Luxembourg, Portugal and Slovakia), a casino (offline/physical establishment) is defined as a place where games of chance are organised (whether automatic or not) and where other cultural and social activities (theatre, restaurants) take place. In other countries (Austria, Denmark, Estonia, Finland, Germany, Latvia, Malta, the Netherlands and Sweden), it is not necessary that the casino manages other social or cultural activities, whereas some Member States (Denmark, Finland, Ireland and the United Kingdom) have not directly defined the concept of casino gaming.

Casinos may be state or privately owned and in some Member States, only a single operator is licensed (Finland, Austria, the Netherlands and Sweden).

Casinos are the only gambling services covered by EU AML legislation (Directive 2005/60/EC - 3rd Anti-Money Laundering Directive).

Description of the risk scenario