Preventing abuse of the financial system for money laundering and terrorism purposes (from 2027) – Member States’ mechanisms

KEY POINTS

EU Member States:

• may decide to apply all or part of Regulation (EU) 2024/1624 to other activities they consider exposed to money-laundering and terrorist-financing risks, informing the European Commission, justifying the decision and assessing the impact of such application on the provision of services within the internal market;
• ensure:
  • currency exchange or cheque cashing offices and trust or company service providers are licensed or registered,
  • providers of gambling services are regulated,
  • other obliged entities comply with minimum registration requirements to enable supervisors to identify them;
• must mitigate money-laundering risks, if they grant residency rights in exchange for an investment, by:
  • putting in place a risk management process, overseen by a designated authority, to identify, classify and mitigate risks,
  • applying measures, including checks on an applicant’s profile and source of wealth with verification against existing records and periodic reviews of medium and high-risk applicants,
  • publishing a public annual report on the number of applications, applicants’ countries of origin, residence permits granted or rejected and any change in the financial risks identified,
  • informing the Commission by 10 July 2028 of all the measures taken;
• require supervisors to check that senior management in obliged entities are of good repute, act with honesty and integrity and are equipped to do their job.

Risk assessments

The Commission:

• assesses the risks of cross-border money laundering, of terrorist financing and of non-implementation and evasion of targeted financial sanctions affecting the internal market and relating to cross-border activities;
• must draw up a public report of its findings by 10 July 2028, updating it every four years, or more frequently if needed.

Member States:

• carry out national risk assessments to identify, assess, understand and mitigate the risks of ML/TF and non-implementation and evasion of targeted financial sanctions;
• keep the assessments up to date and review them every four years;
• designate an authority to coordinate their response to the risks of money laundering, terrorist financing and the non-implementation and evasion of targeted financial sanctions;
• keep comprehensive statistics on the effectiveness of their AML/CFT structure.

Central beneficial ownership registers

Member States ensure:

• beneficial ownership information is adequate, accurate and up to date, and is held in a central national register;
• the central beneficial ownership registers are interconnected via the European Central Platform;
• competent national authorities and the Authority for Anti-Money-Laundering and Countering the Financing of Terrorism (AMLA) have immediate, unfiltered, direct and free access to the information without alerting the subject of the search;
• individuals and organisations able to demonstrate a legitimate interest, such as journalists, civil-society bodies, academia and various authorities, have access to information on, for example, the name, nationality, country of residence, and nature and extent of the beneficial interest held by the owner;
• safeguards are in place to restrict access to personal information where the owner is a minor or could be at risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation.

Information on payment, bank, securities and crypto-asset accounts and safe-deposit boxes

Member States ensure:

• centralised automated mechanisms (central registers or electronic data retrieval systems) are in place to identify holders of payment accounts, bank accounts identified by an international bank account number (IBAN) (including virtual IBANs), securities accounts, crypto-asset accounts and safe-deposit boxes;
• the interconnection of the centralised automated mechanisms through the Bank Account Registers’ Interconnection System that will be developed and operated by the Commission;
• the details are fully available to FIUs, AML/CFT supervisors and AMLA.

Real estate information

Member States:

• establish a single access point for information on the ownership of real estate property that the relevant authorities may access directly and for free;
• ensure the information contains the following minimum details:
  • property – cadastral information, geographical location, area/size and type of property,
  • ownership – name of the individual, legal entity or legal arrangement and purchase price,
  • legal claims (encumbrances) – mortgages, judicial restrictions, property rights or other guarantees,
  • history – ownership, price and related encumbrances,
  • relevant documents.

Financial intelligence units

Each Member State establishes an FIU to prevent, detect and effectively combat money laundering, its predicate offences and terrorist financing. The FIU:

• is a single central unit responsible for receiving and analysing suspicious transaction reports filed by obliged entities;
• disseminates the results of its analyses to the relevant competent authorities when it suspects ML/TF;
• appoints a fundamental rights officer to ensure compliance with the law;
• has immediate and direct access to a range of financial, administrative and law enforcement information;
• responds to requests for information and provides this spontaneously to AML/CFT supervisors;
• can act immediately to suspend or withhold consent to a transaction or an account it considers linked to ML/TF;
• may instruct obliged entities to monitor transactions or activities they manage for anyone presenting a significant risk;
• presents an annual report containing information on its work and on trends and typologies identified;
• cooperates with other FIUs and carries out joint analyses of suspicious transactions and activities.

Anti-money-laundering supervision

National supervisors:

• ensure obliged entities comply with their obligations stemming from the EU AML/CFT regime;
• provide information on ML/TF (e.g. the Commission risk assessment, national or sectoral risk assessments, relevant guidelines and recommendations issued by AMLA) to the obliged entities under their supervision;
• apply a risk-based approach to supervision;
• inform the FIU promptly of any relevant facts or findings;
• establish dedicated AML/CFT supervisory colleges when a group of credit or financial institutions operates in at least two different Member States or a non-EU credit or financial institution has set up establishments in at least three Member States.

Member States ensure:

• fines are imposed on obliged entities for serious, repeated or systematic breaches of the law;
• supervisors can apply administrative measures such as recommendations, specific corrective measures and business restrictions backed by periodic penalty payments for non-compliance;
• policymakers, FIUs, supervisors, including AMLA, and other relevant authorities cooperate, especially to combat ML/TF and implement targeted financial sanctions.

AMLA, cooperating with the European Central Bank, the European Public Prosecutor’s Office, Europol (the European Union Agency for Law Enforcement Cooperation), Eurojust (the European Union Agency for Criminal Justice Cooperation) and the European supervisory authorities, issues cooperation and procedure guidelines.

Final provisions

The Commission:

• has the power to adopt delegated acts for an indeterminate period as from 9 July 2024;
• reports to the European Parliament and the Council of the European Union by 10 July 2032, and every three years thereafter, on the implementation of the directive.

The directive amends Directive (EU) 2019/1937 (see summary) and amends and repeals Directive (EU) 2015/849 (see summary) from 10 July 2027.