EUROPEAN COMMISSION

Brussels, 20.7.2021

COM(2021) 423 final

2021/0250(COD)

Proposal for a

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849

(Text with EEA relevance)

{SWD(2021) 190, 191}
{SEC(2021) 391}

EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

•Reasons for and objectives of the proposal

Money laundering and terrorist financing pose a serious threat to the integrity of the EU economy and financial system and the security of its citizens. Europol has estimated that around 1% of the EU’s annual Gross Domestic Product is ‘detected as being involved in suspect financial activity’ 1 . In July 2019, following a number of prominent cases of alleged money laundering involving credit institutions in the Union, the Commission adopted a package 2 analysing the effectiveness of the EU Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regime as it stood at that time, and concluding that reforms were necessary. In this context, the EU’s Security Union Strategy 3 for 2020-2025 highlighted the importance of enhancing the EU’s framework for anti-money laundering and countering terrorist financing in order to protect Europeans from terrorism and organised crime.

On 7 May 2020 the Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing 4 . In that Action Plan, the Commission committed to take measures in order to strengthen the EU’s rules on combating money laundering and terrorist financing and their implementation and defined six priorities or pillars:

1.    Ensuring effective implementation of the existing EU AML/CFT framework,

2.    Establishing an EU single rulebook on AML/CFT,

3.    Bringing about EU-level AML/CFT supervision,

4.    Establishing a support and cooperation mechanism for Financial Intelligence Units (FIUs),

5.    Enforcing EU-level criminal law provisions and information exchange,

6.    Strengthening the international dimension of the EU AML/CFT framework.

While pillars 1, 5 and 6 of the Action Plan are being implemented, the other pillars demand legislative action. This proposal for a Regulation is part of an AML/CFT package of four legislative proposals that is considered as one coherent whole, in implementation of the Commission Action Plan of 7 May 2020, creating a new and more coherent AML/CFT regulatory and institutional framework within the EU. The package encompasses:

–a proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering (ML) and terrorist financing (TF) 5 ;

–this proposal for a Directive establishing the mechanisms that Member States should put in place to prevent the use of the financial system for ML/TF purposes, and repealing Directive (EU) 2015/849 6 ;

–a proposal for a Regulation creating an EU Authority for anti-money laundering and countering the financing of terrorism (‘AMLA’) 7 , and

–a proposal for the recast of Regulation (EU) 2015/847 expanding traceability requirements to crypto-assets 8 .

This present legislative proposal, together with a proposal for an AML/CFT Regulation and a proposal for a recast of Regulation (EU) 2015/847, fulfils the objective of establishing an EU single rulebook (pillar 2).

Both the European Parliament and the Council lent their support to the plan set out by the Commission in the May 2020 Action Plan. In its resolution of 10 July 2020, the European Parliament called for strengthening Union rules and welcomed plans to overhaul the EU AML/CFT institutional set-up 9 . On 4 November 2020, the ECOFIN Council adopted Conclusions supporting each of the pillars of the Commission’s Action Plan 10 .

The need for the combination of harmonised rules via an AML/CFT Regulation and stronger rules on the national AML/CFT systems through an AML/CFT Directive is corroborated by the evidence provided in the 2019 reports issued by the Commission. These reports identified a lack of consistent approaches to supervision of obliged entities, with divergent outcomes for operators providing services across the internal market. They also highlight that uneven access to information by FIUs which limits their capacity to cooperate with one another and that FIUs lacked common tools. All these elements limited the detection of cross-border ML/TF cases. Finally, due to a lack of a legal basis it has not been possible so far to interconnect bank account registers and data retrieval systems, key tools for FIUs and competent authorities.

To address the above issues and avoid regulatory divergences, all rules that apply to the private sector have been transferred to a proposal for an AML/CFT Regulation. However, in recognition of the need for flexibility for Member States in this area, whereas the organisation of the institutional AML/CFT system at national level is left to this proposal for a Directive.

However, the present proposal does not simply transfers provisions from the current Directive to a future one; a number of changes of substance are made in order to bring about a greater level of convergence in the practices of supervisors and FIUs and in relation to cooperation among competent authorities:

–to avoid that the administrative set-up of FIUs impacts their analytical functions nor their capacity to cooperate with their counterparts, their powers and tasks are clarified, as well as the minimum set of information that FIUs should be able to access;

–to ensure that FIUs are effectively able to cooperate, a framework for joint analyses is laid down. A legal basis for the FIU.net system is also provided;

–in order to inform the risk understanding of obliged entities, clear rules on feedback by FIUs are laid down. Similarly, clear rules on feedback to FIUs are provided for to ensure that FIUs are aware of the use made of the financial intelligence they provide;

–the powers and tasks of supervisors are clarified to ensure that all supervisors have the instruments to take adequate remedial actions. The duty of oversight by a public authority on self-regulatory bodies that act as supervisors is introduced, with clear tasks defined for this public authority;

–the approach to risk-based supervision is harmonised through a common risk-categorisation tool in order to avoid divergent risk understanding in comparable situations;

–in order to improve cooperation among supervisors, AML/CFT colleges are set up, and mechanisms are put in place to ensure supervisory cooperation in relation to operators that provide services across borders;

–cooperation with other authorities is clarified by providing for specific cases in which a duty to cooperate arises in order to avoid inefficiencies due to sylos approaches;

–the powers of the registers of beneficial ownership are clarified to make sure that they can obtain up-to-date, adequate and accurate information;

–to remedy the current shortcoming in legislation, an interconnection of the bank account registers is provided for.

–in order to ensure full consistency with EU data protection rules, requirements for the processing of certain categories of personal data are introduced.

On the other hand, provisions on risk assessments or the collection of statistics are largely left unchanged, and only reviewed to take stock of the current inefficiencies identified, such as the excessive frequency of the supra-national risk assessment and the requirement to collect statistics on illegal activities.

•Consistency with existing policy provisions in the policy area

This proposal repeals and replaces the existing Directive (EU) 2015/849, as amended by Directive (EU) 2018/843 11 . As stated, this proposal is part of an AML/CFT package, encompassing a proposal for a Regulation on the prevention of the use of the financial system fore the purposes of money laundering and terrorist financing, a Regulation creating AMLA, and a recast of Regulation (EU) 2015/847. This package of four legislative proposals is considered as one coherent whole, in implementation of the Commission Action Plan on AML/CFT of 7 May 2020, creating a new and more coherent AML/CFT regulatory and institutional framework in the EU. In parallel to the adoption of this package, the Commission also proposes amendments to Directive 2019/1153 12 in order to provide competent authorities, responsible for the prevention, detection, investigation or prosecution of criminal offences, with access to the system interconnecting the centralised bank account registers.

This proposal, as it builds on Directive (EU) 2015/849, is consistent with the recommendations of the Financial Action Task Force (FATF). Compared with the current Directive, it increases consistency by ensuring that when supervision is performed by self-regulatory bodies, those self-regulatory bodies are subject to oversight by a public authority. The frequency of the supra-national risk assessment is also brought in line with best practices recognised by FATF (every 4 years). This proposal also integrates the changes brought about by the recent revisions of the FATF recommendations in relation to assessment and mitigation of risks of evasion of targeted financial sanctions.

•Consistency with other Union policies and legal instruments

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

•Legal basis

•Subsidiarity

•Proportionality

•Choice of the instrument

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

•Ex-post evaluations/fitness checks of existing legislation

A full ex-post evaluation of the current EU AML/CFT regime has not yet taken place, against the background of a number of recent legislative developments. The fourth AML Directive was adopted on 20 May 2015, with a transposition deadline for Member States of 26 June 2017. The Fifth AML Directive 17 was adopted on 30 May 2018, with a transposition deadline of 10 January 2020. Transposition control is still ongoing. However, the Commission Communication of July 2019 and accompanying reports referred to above serve as an evaluation of the effectiveness of the EU AML/CFT regime as it stood at that point in time.

•Stakeholder consultations

–A consultation on the roadmap announcing the Commission’s Action Plan. The consultation, on the Commission’s Have Your Say portal, ran between 11 February and 12 March 2020, and received 42 contributions from a range of stakeholders;

–A public consultation on the actions put forward in the Action Plan, open to the general public and all stakeholder groups, launched on 7 May 2020, and open until 26 August. The consultation received 202 official contributions;

–A targeted consultation of Member States and competent AML/CFT authorities. Member States had the opportunity to give their views in various meetings of the Expert Group on Money Laundering and Terrorist Financing, and EU FIUs made input in meetings of the FIU Platform and via written papers. The discussions were supported by targeted consultations of Member States and competent authorities, using questionnaires;

–A request for advice from the European Banking Authority, made in March 2020; the EBA provided its opinion on 10 September;

–On 23 July 2020, the EDPS issued an opinion on the Commission’s Action Plan;

–On 30 September 2020, the Commission organised a high-level conference, bringing together representatives from national and EU authorities, MEPs, private sector and civil society representatives and academia.

•Collection and use of expertise

•Impact assessment

–EU rules would remain as they are with no modifications;

–Ensure a greater level of harmonisation in the rules that apply to obliged entities and leave it to Member States to detail the powers and obligations of competent authorities;

–Ensure a greater level of harmonisation in the rules that apply to entities subject to AML/CFT obligations and the powers and obligations of supervisors and FIUs.

•Regulatory fitness and simplification

Although, as noted above, no formal ex-post evaluation or fitness check of existing EU AML/CFT legislation has yet taken place, a number of points can be made with regard to elements of the proposed overall package of measures which will further simplification and improved efficiency. Firstly, the replacement of certain rules in a Directive with more harmonised and directly applicable rules in a Regulation, will remove the need for transposition work in the Member States and facilitate doing business for cross-border entities in the EU. Moreover, the removal from the scope of the EU AML framework of traders in goods, linked to the proposed prohibition on cash operations over EUR 10 000, will release such traders from the administrative burden of submitting to their FIU reports on cash operations exceeding EUR 10 000. Finally, the greater degree of harmonisation of AML/CFT rules in a number of specific areas will simplify cooperation between supervisors and FIUs due to the reduction in divergences between their rules and practices. The present draft Directive contains only certain provisions which require transposition in national law, and is therefore shorter than the Directive which it replaces; most subjects treated in Directive (EU) 2015/849 are now contained in the proposed Regulation accompanying this proposed Directive.

•Fundamental rights

4.BUDGETARY IMPLICATIONS

This draft Directive has no budgetary implications.

5.OTHER ELEMENTS

•Implementation plans and monitoring, evaluation and reporting arrangements

•Detailed explanation of the specific provisions of the proposal

AML Supervision

The provisions on sanctions build on the current AML/CFT framework, obliging Member States to provide for administrative measures and sanctions to be available for serious repeated or systematic breaches by obliged entities of key requirements of the framework, with specifications on the minimum and maximum amounts of pecuniary sanctions, and providing for publication of sanctions imposed, whistleblower protection and exchange of information on sanctions.

New provisions include: clarification of administrative measures other than sanctions for less serious breaches and a requirement for Member States to notify to the Commission and AMLA their arrangements relating to the imposition of administrative sanctions or measures. The circumstances to be taken into account when determining the type and level of administrative sanctions or measures are specified. There will be Regulatory Technical Standards prepared by AMLA defining indicators to classify the level of gravity of breaches and criteria to be taken into account when setting the level of administrative sanctions or taking administrative measures.

Cooperation

The provisions on cooperation between supervisors ,FIUs and other competent authorities build on the current AML/CFT framework, including cooperation between competent authorities of Member States, and provisions for cases where authorities are bound by professional secrecy.

New provisions in the present proposal include the addition of references to AMLA and an obligation on other bodies to cooperate with it. Existing provisions to ensure good cooperation with prudential supervisors of financial instutions are enhanced with additional specifications, and resolution authorities, as well as authorities in charge of the supervision of credit insitutions for cooperation with the PAD and PSD2. Financial supervisors and FIUs will report annually to AMLA on their cooperation with those authorities. Provisions in relation to cooperation with regard to auditors are added, and AMLA will issue guidelines on cooperation.

Final provisions

The processing of personal data under this proposal, as in the case of the current AML/CFT framework, is subject to Regulation (EU) 2016/679, or Regulation (EU) 2018/1725, if carried out by Union institutions, agencies or bodies.

The Commission will be assisted by a Committee, in particular for the preparation of Implementing Acts.

Provisions for the transfer of hosting of FIU.net from the Commission to AMLA are included.

Directive 2015/849 as amended (the current AML/CFT framework) is repealed. The proposed Directive will enter into force on the twentieth day after publication in the Official Journal; the transposition deadline is two years from the entry into force of the Directive. The Commission must first review and evaluate this Directive within 5 years of its application and subsequently every three years.

2021/0250 (COD)

Proposal for a

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Central Bank 20 ,

Having regard to the opinion of the European Economic and Social Committee 21 ,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)Directive (EU) 2015/849 of the European Parliament and of the Council 22 constitutes the main legal instrument for the prevention of the use of the Union financial system for the purposes of money laundering and terrorist financing. That Directive sets out a comprehensive legal framework, which Directive (EU) 2018/843 of the European Parliament and the Council 23 further strengthened by addressing emerging risks and increasing transparency of beneficial ownership. Notwithstanding its achievements, experience has shown that Directive (EU) 2015/849 should be further improved to adequately mitigate risks and to effectively detect criminal attempts to misuse the Union financial system for criminal purposes.

(2)Since the entry into force of Directive (EU) 2015/849, a number of areas have been identified where amendments would be needed to ensure the necessary resilience and capacity of the Union financial system to prevent money laundering and terrorist financing.

(3)Significant variations in practices and approaches by competent authorities across the Union, as well as the lack of sufficiently effective arrangements for cross-border cooperation were identified in the implementation of Directive (EU) 2015/849. It is therefore appropriate to define clearer requirements, which should contribute to smooth cooperation across the Union whilst allowing Member States to take into account the specificities of their national systems.

(4)This new instrument is part of a comprehensive package aiming at strengthening the Union’s AML/CFT framework. Together, this instrument, Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final] and Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final] will form the legal framework governing the AML/CFT requirements to be met by obliged entities and underpinning the Union’s AML/CFT institutional framework, including the establishment of an Authority for anti-money laundering and countering the financing of terrorism (‘AMLA’).

(5)Money laundering and terrorist financing are frequently carried out in an international context. Measures adopted at Union level, without taking into account international coordination and cooperation, would have very limited effect. The measures adopted by the Union in that field should therefore be compatible with, and at least as stringent as, other actions undertaken at international level. Union action should continue to take particular account of the Financial Action Task Force (FATF) Recommendations and instruments of other international bodies active in the fight against money laundering and terrorist financing. With a view to reinforcing the efficacy of the fight against money laundering and terrorist financing, the relevant Union legal acts should, where appropriate, be aligned with the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted by the FATF in February 2012 (the ‘revised FATF Recommendations’) and the subsequent amendments to those standards.

(6)Specific money laundering and terrorist financing threats, risks and vulnerabilities affecting certain economic sectors at national level diminish in distinct manners Member States ability to contribute to the integrity and soundness of the Union financial system. As such, it is appropriate to allow Member States, upon identification of such sectors and specific risks to decide to apply AML/CFT requirements to additional sectors than those covered by Regulation [please insert reference – proposal for Anti-Money Laundering Regulation]. With a view to preserving the effectiveness of the internal market and the Union AML/CFT system, the Commission should be able, with the support of AMLA, to assess whether the intended decisions of the Member States to apply AML/CFT requirements to additional sectors are justified. In cases where the best interests of the Union would be achieved at Union level as regards specific sectors, the Commission should inform that Member State that it intends to take action at Union level instead and the Member State should abstain from taking the intended national measures.

(7)In light of the specific anti-money laundering vulnerabilities that have been witnessed in the electronic money issuing, the payment services and the crypto-assets service providing industry, it should be possible for Member States to require that those providers established on their territory in forms other than a branch and the head office of which is situated in another Member State appoint a central contact point. Such a central contact point, acting on behalf of the appointing institution, should ensure the establishments' compliance with AML/CFT rules. 

(8)Supervisors should ensure that, with regard to currency exchange offices, cheque cashing offices, trust or company service providers or gambling service providers, the persons who effectively manage the business of such entities and the beneficial owners of such entities act with honesty and integrity and possess knowledge and expertise necessary to carry out their functions. The criteria for determining whether or not a person complies with those requirements should, as a minimum, reflect the need to protect such entities from being misused by their managers or beneficial owners for criminal purposes.

(9)For the purposes of assessing the appropriateness of persons holding a management function in, or otherwise controlling, obliged entities, any exchange of information about criminal convictions should be carried out in accordance with Council Framework Decision 2009/315/JHA 24 and Council Decision 2009/316/JHA 25 .

(10)The Commission is well placed to review specific cross-border threats that could affect the internal market and that cannot be identified and effectively combatted by individual Member States. It should therefore be entrusted with the responsibility for coordinating the assessment of risks relating to cross-border activities. Involvement of the relevant experts, such as the Expert Group on Money Laundering and Terrorist Financing and the representatives from the FIUs, as well as, where appropriate, from other Union-level bodies, is essential for the effectiveness of the process of the assessment of risks. National risk assessments and experience are also an important source of information for that process. Such assessment of the cross-border risks by the Commission should not involve the processing of personal data. In any event, data should be fully anonymised. National and Union data protection supervisory authorities should be involved only if the assessment of the risk of money laundering and terrorist financing has an impact on the privacy and data protection of individuals.

(11)The findings of the risk assessment at Union level can assist competent authorities and obliged entities in the identification, understanding, management and mitigation of the risk of money laundering and terrorist financing, as well as of risks of non-application and evasion of targeted financial sanctions. It is therefore important that the findings of the risk assessment are made public.

(12)The Member States remain the best placed to identify, assess, understand and decide how to mitigate risks of money laundering and terrorist financing affecting them directly. Therefore, each Member State should take the appropriate steps in an effort to properly identity, assess and understand its money laundering and terrorist financing risks, as well as risks of non-implementation and evasion of targeted financial sanctions and to define a coherent national strategy to put in place actions to mitigate those risks. Such national risk assessment should be updated regularly and should include a description of the institutional structure and broad procedures of the Member State's AML/CFT regime, as well as the allocated human and financial resources to the extent that this information is available.

(13)The results of risk assessments should, where appropriate, be made available to obliged entities in a timely manner to enable them to identify, understand, manage and mitigate their own risks.

(14)In addition, to identify, understand, manage and mitigate risks at Union level to an even greater degree, Member States should make available the results of their risk assessments to each other, to the Commission and to AMLA.

(15)To be able to review the effectiveness of their systems for combating money laundering and terrorist financing, Member States should maintain, and improve the quality of, relevant statistics. With a view to enhancing the quality and consistency of the statistical data collected at Union level, the Commission and the AMLA should keep track of the Union-wide situation with respect to the fight against money laundering and terrorist financing and should publish regular overviews.

(16)The FATF has developed standards for jurisdictions to identify, and assess the risks of potential non-implementation or evasion of the proliferation financing-related targeted financial sanctions, and to take action to mitigate those risks. Those new standards introduced by the FATF do not substitute nor undermine the existing strict requirements for countries to implement targeted financial sanctions to comply with the relevant United Nations Security Council Regulations relating to the prevention, suppression and disruption of proliferation of weapons of mass destruction and its financing. Those existing obligations, as implemented at Union level by Council Decisions 2010/413/CFSP 26 and (CFSP) 2016/849 27 as well as Council Regulations (EU) 267/2012 28 and (EU) 2017/1509 29 , remain strict rule-based obligations binding on all natural and legal persons within the Union.

(17)In order to reflect the latest developments at international level, a requirement has been introduced by this Directive to identify, understand, manage and mitigate risks of potential non-implementation or evasion of proliferation financing-related targeted financial sanctions at Union level and at Member State level.

(18)Central registers of beneficial ownership information are crucial in combating the misuse of legal entities. To ensure that the registers of beneficial ownership information are easily accessible and contain high-quality data, consistent rules on the collection and storing of this information should be introduced.

(19)With a view to enhancing transparency in order to combat the misuse of legal entities, Member States should ensure that beneficial ownership information is stored in a central register located outside the company, in full compliance with Union law. Member States can, for that purpose, use a central database, which collects beneficial ownership information, or the business register, or another central register. Member States may decide that obliged entities are responsible for filling in the register. Member States should make sure that in all cases that information is made available to competent authorities and FIUs and is provided to obliged entities when they take customer due diligence measures.

(20)Beneficial ownership information of trusts and similar legal arrangements should be registered where the trustees and persons holding equivalent positions in similar legal arrangements are established or where they reside. In order to ensure the effective monitoring and registration of information on the beneficial ownership of trusts and similar legal arrangements, cooperation between Member States is also necessary. The interconnection of Member States’ registries of beneficial owners of trusts and similar legal arrangements would make this information accessible, and would also ensure that the multiple registration of the same trusts and similar legal arrangements is avoided within the Union.

(21)Timely access to information on beneficial ownership should be ensured in ways, which avoid any risk of tipping off the company concerned.

(22)The accuracy of data included in the beneficial ownership registers is fundamental for all of the relevant authorities and other persons allowed access to that data, and to make valid, lawful decisions based on that data. Therefore, where sufficient reasons arise, after careful analysis by the registrars, to doubt the accuracy of the beneficial ownership information held by the registers, legal entities and legal arrangements should be required to provide additional information on a risk-sensitive basis. In addition, it is important that Member States entrust the entity in charge of managing the registers with sufficient powers to verify beneficial ownership and the veracity of information provided to it, and to report any suspicion to their FIU. Such powers should extend to the conduct of inspections at the premises of the legal entities.

(23)Moreover, the reporting of discrepancies between beneficial ownership information held in the central registers and beneficial ownership information available to obliged entities and, where applicable, competent authorities, is an effective mechanism to verify the accuracy of the information. Any such discrepancy should be swiftly identified, reported and corrected.

(24)In view of ensuring that the mechanism of discrepancy reporting is proportionate and focused on the detection of instances of inaccurate beneficial ownership information, Member States may allow obliged entities to request the customer to rectify discrepancies of a technical nature directly with the entity in charge of the central registers. Such option only applies to low-risk customers and to those errors of a technical nature, such as minor cases of misspelt information, where it is evident that that those do not hinder the identification of the beneficial owner(s) and the accuracy of the information.

(25)Where the reporting of discrepancies by the FIUs and other competent authorities would jeopardise an on-going criminal investigation, the FIUs or other competent authorities should delay the reporting of the discrepancy until the moment at which the reasons for not reporting cease to exist. Furthermore, FIUs and competent authorities should not report any discrepancy when this would be contrary to any confidentiality provision of national law or would constitute a tipping-off offence.

(26)To ensure a level playing field in the application of the concept of beneficial owner, it is of utmost importance that, across the Union, legal entities obtain benefit from uniform reporting channels and means. To that end, the format for the submission of beneficial ownership information to the relevant national registers should be uniform and offer guarantees of transparency and legal certainty.

(27)In order to ensure a level playing field among the different types of legal forms, trustees should also be required to obtain and hold beneficial ownership information and to communicate that information to a central register or a central database.

(28)Public access to beneficial ownership information can allow greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of the financial system. It can contribute to combating the misuse of corporate and other legal entities and legal arrangements for the purposes of money laundering or terrorist financing, both by helping investigations and through reputational effects, given that anyone who could enter into a business relationship is aware of the identity of the beneficial owners. It may also facilitate the timely and efficient availability of information for obliged entities as well as authorities of third countries involved in combating such offences. The access to that information would also help investigations on money laundering, associated predicate offences and terrorist financing.

(29)Confidence in financial markets from investors and the general public depends in large part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of companies. This is particularly true for corporate governance systems that are characterised by concentrated ownership, such as the one in the Union. On the one hand, large investors with significant voting and cash-flow rights may encourage long-term growth and firm performance. On the other hand, however, controlling beneficial owners with large voting blocks may have incentives to divert corporate assets and opportunities for personal gain at the expense of minority investors. The potential increase in confidence in financial markets should be regarded as a positive side effect and not the purpose of increasing transparency, which is to create an environment less likely to be used for the purposes of money laundering and terrorist financing.

(30)Confidence in financial markets from investors and the general public depends in large part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of corporate and other legal entities as well as certain types of trusts and similar legal arrangements. Member States should therefore allow access to beneficial ownership information in a sufficiently coherent and coordinated way, by establishing confidence rules of access by the public, so that third parties are able to ascertain, throughout the Union, who are the beneficial owners of corporate and other legal entities as well as, provided that there is a legitimate interest, of certain types of trusts and similar legal arrangements.

(31)With regard to corporate and other legal entities, a fair balance should be sought in particular between the general public interest in the prevention of money laundering and terrorist financing and the data subjects’ fundamental rights. The set of data to be made available to the public should be limited, clearly and exhaustively defined, and should be of a general nature, so as to minimise the potential prejudice to the beneficial owners. At the same time, information made accessible to the public should not significantly differ from the data currently collected. In order to limit the interference with the right to respect for their private life in general and to protection of their personal data in particular, that information should relate essentially to the status of beneficial owners of corporate and other legal entities and should strictly concern the sphere of economic activity in which the beneficial owners operate. In cases where the senior managing official has been identified as the beneficial owner only ex officio and not through ownership interest held or control exercised by other means, this should be clearly visible in the registers.

(32)In case of express trusts and similar legal arrangements, the information should be accessible to any member of the general public, provided that the legitimate interest can be demonstrated. This should include situations where natural or legal persons file a request in relation to a trust or similar legal arrangement which holds or owns a controlling interest in a legal entity incorporated or created outside the Union through direct or indirect ownership, including through bearer shareholding, or through control via other means. The interpretation of the legitimate interest by the Member States should not restrict the concept of legitimate interest to cases of pending administrative or legal proceedings, and should enable to take into account the preventive work in the field of anti-money laundering and its predicate offences and counter-terrorist financing undertaken by non-governmental organisations and investigative journalists. While trusts and other legal arrangements can be used in complex corporate structures, their primary objective remains the management of individual wealth. In order to adequately balance the legitimate aim of preventing the use of the financial system for the purposes of money laundering or terrorist financing, which public scrutiny enhances, and the protection of fundamental rights of individuals, in particular the right to privacy and protection of personal data, it is necessary to provide for the demonstration of a legitimate interest in accessing beneficial ownership information of trusts and other legal arrangements.

(33)In order to ensure that the information available to the public allows the correct identification of the beneficial owner, a minimum set of data should be accessible to the public. Such data should allow for the unequivocal identification of the beneficial owner, whilst minimising the amount of personal data publicly accessible. In the absence of information pertaining to the name, the month and year of birth and the country of residence and nationality of the beneficial owner, it would not be possible to establish unambiguously who the natural person being the beneficial owner is. Similarly, the absence of information on the beneficial interest held would make it impossible to determine why that natural person should be identified as being the beneficial owner. Therefore, in order to avoid misinterpretations of the beneficial ownership information publicly available and to ensure a proportionate disclosure of personal data consistent across the Union, it is appropriate to lay down the minimum set of data that can be accessed by the public.

(34)The enhanced public scrutiny may contribute to preventing the misuse of legal entities and legal arrangements, including tax avoidance. Therefore, it is essential that the information on beneficial ownership remains available through the national registers and through the system of interconnection of beneficial ownership registers for a minimum of five years after the grounds for registering beneficial ownership information of the trust or similar legal arrangement have ceased to exist. However, Member States should be able to provide by law for the processing of the information on beneficial ownership, including personal data for other purposes if such processing meets an objective of public interest and constitutes a necessary and proportionate measure in a democratic society to the legitimate aim pursued.

(35)Moreover, with the aim of ensuring a proportionate and balanced approach and to guarantee the rights to private life and personal data protection, it should be possible for Member States to provide for exemptions to the disclosure of the personal information on the beneficial owner through the registers of beneficial ownership information and to access to such information, in exceptional circumstances, where that information would expose the beneficial owner to a disproportionate risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation. It should also be possible for Member States to require online registration in order to identify any person who requests information from the register, as well as the payment of a fee for access to the information in the register.

(36)Directive (EU) 2018/843 achieved the interconnection of Member States’ central registers holding beneficial ownership information through the European Central Platform established by Directive (EU) 2017/1132 of the European Parliament and of the Council 30 . Continued involvement of Member States in the functioning of the whole system should be ensured by means of a regular dialogue between the Commission and the representatives of Member States on the issues concerning the operation of the system and on its future development.

(37)Through the interconnection of Member States’ beneficial ownership registers, both national and cross-border access to information on the beneficial ownership of legal arrangements contained in each Member State’s register should be granted based on the definition of legitimate interest, by virtue of a decision taken by the relevant entity of that Member State. To avoid that decisions on limiting access to beneficial ownership information which are not justified cannot be reviewed, appeal mechanisms against such decisions should be established. With a view to ensuring coherent and efficient registration and information exchange, Member States should ensure that their entity in charge of the register cooperates with its counterparts in other Member States, sharing information concerning trusts and similar legal arrangements governed by the law of one Member State and administered in another Member State.

(38)Regulation (EU) 2016/679 of the European Parliament and of the Council 31 applies to the processing of personal data for the purposes of this Directive. Natural persons whose personal data are held in national registers as beneficial owners should be informed about the applicable data protection rules. Furthermore, only personal data that is up to date and corresponds to the actual beneficial owners should be made available and the beneficiaries should be informed about their rights under the Union legal data protection framework and the procedures applicable for exercising those rights. In addition, to prevent the abuse of the information contained in the registers and to balance out the rights of beneficial owners, Member States might find it appropriate to consider making information relating to the requesting person along with the legal basis for their request available to the beneficial owner.

(39)Delayed access to information by FIUs and other competent authorities on the identity of holders of bank and payment accounts and safe-deposit boxes, especially anonymous ones, hampers the detection of transfers of funds relating to money laundering and terrorist financing. National data allowing the identification of bank and payments accounts and safe-deposit boxes belonging to one person is fragmented and therefore not accessible to FIUs and to other competent authorities in a timely manner. It is therefore essential to establish centralised automated mechanisms, such as a register or data retrieval system, in all Member States as an efficient means to get timely access to information on the identity of holders of bank and payment accounts and safe-deposit boxes, their proxy holders, and their beneficial owners. When applying the access provisions, it is appropriate for pre-existing mechanisms to be used provided that national FIUs can access the data for which they make inquiries in an immediate and unfiltered manner. Member States should consider feeding such mechanisms with other information deemed necessary and proportionate for the more effective mitigation of risks relating to money laundering and the financing of terrorism. Full confidentiality should be ensured in respect of such inquiries and requests for related information by FIUs and competent authorities other than those authorities responsible for prosecution.

(40)In order to respect privacy and protect personal data, the minimum data necessary for the carrying out of AML/CFT investigations should be held in centralised automated mechanisms for bank and payment accounts, such as registers or data retrieval systems. It should be possible for Member States to determine which data it is useful and proportionate to gather, taking into account the systems and legal traditions in place to enable the meaningful identification of the beneficial owners. When transposing the provisions relating to those mechanisms, Member States should set out retention periods equivalent to the period for retention of the documentation and information obtained within the application of customer due diligence measures. It should be possible for Member States to extend the retention period on a general basis by law, without requiring case-by-case decisions. The additional retention period should not exceed an additional five years. That period should be without prejudice to national law setting out other data retention requirements allowing case-by-case decisions to facilitate criminal or administrative proceedings. Access to those mechanisms should be on a need-to-know basis.

(41)Through the interconnection of Member States’ centralised automated mechanisms, the national FIUs would be able to obtain swiftly cross-border information on the identity of holders of bank and payment accounts and safe deposit boxes in other Member States, which would reinforce their ability to effectively carry out financial analysis and cooperate with their counterparts from other Member States. Direct cross-border access to information on bank and payment accounts and safe deposit boxes would enable the Financial Intelligence Units to produce financial analysis within a sufficiently short timeframe to detect potential money laundering and terrorist financing cases and guarantee a swift law enforcement action.

(42)In order to respect the right to the protection of personal data and the right to privacy, and to limit the impact of cross-border access to the information contained in the national centralised automated mechanisms, the scope of information accessible through the bank account registers (BAR) central access point would be restricted to the minimum necessary in accordance with the principle of data minimisation in order to allow the identification of any natural or legal persons holding or controlling payment accounts and bank accounts identified by IBAN and safe-deposit boxes. Furthermore, only FIUs should be granted immediate and unfiltered access to the central access point. Member States should ensure that the FIUs’ staff maintain high professional standards of confidentiality and data protection, that they are of high integrity and are appropriately skilled. Moreover, Member States should put in place technical and organisational measures guaranteeing the security of the data to high technological standards.

(43)The interconnection of Member States’ centralised automated mechanisms (central registries or central electronic data retrieval systems) containing information on bank and payment accounts and safe-deposit boxes through the BAR single access point necessitates the coordination of national systems having varying technical characteristics. For this purpose, technical measures and specifications taking into account the differences between the national centralised automated mechanisms should be developed.

(44)Real estate is an attractive commodity for criminals to launder the proceeds of their illicit activities, as it allows obscuring the true source of the funds and the identity of the beneficial owner. Proper and timely identification of natural or legal person owning real estate by FIUs and other competent authorities is important both for detecting money laundering schemes as well as for freezing and confiscation of assets. It is therefore important that Member States provide FIUs and competent authorities with access to information which allows the identification in a timely manner of natural or legal person owning real estate and information relevant for the identification of the risk and suspicion of the transaction.

(45)All Member States have, or should, set up operationally independent and autonomous FIUs to collect and analyse the information which they receive with the aim of establishing links between suspicious transactions and underlying criminal activity in order to prevent and combat money laundering and terrorist financing. The FIU should be the single central national unit responsible for the receipt and analysis of suspicious transaction reports, reports on cross-border physical movements of cash and on payments in cash above a certain threshold as well as other information relevant to money laundering, its predicate offences or terrorist financing submitted by obliged entities. Operational independence and autonomy of the FIU should be ensured by granting the FIU the authority and capacity to carry out its functions freely, including the ability to take autonomous decisions as regards analysis, requests and dissemination of specific information. In all cases, the FIU should have the independent right to forward or disseminate information to competent authorities. The FIU should be provided with adequate financial, human and technical resources, in a manner that secures its autonomy and independence and enables it to exercise its mandate effectively. The FIU should be able to obtain and deploy the resources needed to carry out its functions, on an individual or routine basis, free from any undue political, government or industry influence or interference, which might compromise its operational independence.

(46)FIUs play an important role in identifying the financial operations of terrorist networks, especially cross-border, and in detecting their financial backers. Financial intelligence might be of fundamental importance in uncovering the facilitation of terrorist offences and the networks and schemes of terrorist organisations. FIUs maintain significant differences as regards their functions, competences and powers. The current differences should however not affect an FIU’s activity, particularly its capacity to develop preventive analyses in support of all the authorities in charge of intelligence, investigative and judicial activities, and international cooperation. In the exercise of their tasks, it has become essential to identify the minimum set of data FIUs should have swift access to and be able to exchange without impediments with their counterparts from other Member States. In all cases of suspected money laundering, its predicate offences and in cases involving the financing of terrorism, information should flow directly and quickly without undue delays. It is therefore essential to further enhance the effectiveness and efficiency of FIUs, by clarifying the powers of and cooperation between FIUs.

(47)The powers of FIUs include the right to access directly or indirectly the ‘financial’, ‘administrative’ and ‘law enforcement’ information that they require in order to combat money laundering, its associated predicate offences and terrorist financing. The lack of definition of what types of information these general categories include has resulted in FIUs having been granted with access to considerably diversified sets of information which has an impact on FIUs’ analytical functions as well as on their capacity to cooperate effectively with their counterparts from other Member States. It is therefore necessary to define the minimum sets of ‘financial’, ‘administrative’ and ‘law enforcement’ information that should be made directly or indirectly available to every FIU across the Union. Moreover, FIUs should be able to obtain swiftly from any obliged entity all necessary information relating to their functions. An FIU should also be able to obtain such information upon request made by another FIU and to exchange that information with the requesting FIU.

(48)The vast majority of FIUs have been granted the power to take urgent action and suspend or withhold consent to a transaction in order to analyse it, confirm the suspicion and disseminate the results of the analytical activities to the competent authorities. However, there are certain variations in relation to the duration of the postponement powers across the different Member States, with an impact not only on the postponement of activities that have a cross-border nature through FIU-to-FIU cooperation, but also on individuals’ fundamental rights. Furthermore, in order to ensure that FIUs have the capacity to promptly restrain criminal funds or assets and prevent their dissipation, also for seizure purposes, FIUs should be granted the power to suspend the use of a bank or payment account in order to analyse the transactions performed through the account, confirm the suspicion and disseminate the results of the analysis to the competent authorities. Given that postponement powers have an impact on the right to property, the preservation of affected persons’ fundamental rights should be guaranteed.

(49)For the purposes of greater transparency and accountability and to increase awareness with regard to their activities, FIUs should issue activity reports on an annual basis. These reports should at least provide statistical data in relation to the suspicious transaction reports received, the number of disseminations made to national competent authorities, the number of requests submitted to and received by other FIUs as well as information on trends and typologies identified. This report should be made public except for the elements which contain sensitive and classified information. At least once annually, the FIU should provide obliged entities with feedback on the quality of suspicious transaction reports, their timeliness, the description of suspicion and any additional documents provided. Such feedback can be provided to individual obliged entities or groups of obliged entities and should aim to further improve the obliged entities’ ability to detect and identify suspicious transactions and activities and enhance the overall reporting mechanisms.

(50)The purpose of the FIU is to collect and analyse the information which they receive with the aim of establishing links between suspicious transactions and underlying criminal activity in order to prevent and combat money laundering and terrorist financing, and to disseminate the results of its analysis as well as additional information to the competent authorities where there are grounds to suspect money laundering, associated predicate offences or financing of terrorism. An FIU should not refrain from or refuse the exchange of information to another FIU, spontaneously or upon request, for reasons such as a lack of identification of an associated predicate offence, features of criminal national laws and differences between the definitions of associated predicate offences or the absence of a reference to particular associated predicate offences. Similarly, an FIU should grant its prior consent to another FIU to forward the information to other competent authorities regardless of the type of possible associated predicate offence in order to allow the dissemination function to be carried out effectively. FIUs have reported difficulties in exchanging information based on differences in national definitions of certain predicate offences, such as tax crimes, which are not harmonised by Union law. Such differences should not hamper the mutual exchange, the dissemination to other competent authorities and the use of that information. FIUs should rapidly, constructively and effectively ensure the widest range of international cooperation with third countries’ FIUs in relation to money laundering, associated predicate offences and terrorist financing in accordance with the applicable data protection rules for data transfers, FATF Recommendations and Egmont Principles for Information Exchange between Financial Intelligence Units.

(51)FIUs should use secure facilities, including protected channels of communication, to cooperate and exchange information amongst each other. In this respect, a system for the exchange of information between FIUs of the Member States (‘FIU.net’) should be set up. The system should be managed and hosted by AMLA. The FIU.net should be used by FIUs to cooperate and exchange information amongst each other and may also be used, where appropriate, to exchange information with FIUs of third countries and with other authorities and Union bodies. The functionalities of the FIU.net should be used by FIUs to their full potential. Those functionalities should allow FIUs to match their data with data of other FIUs in an anonymous way with the aim of detecting subjects of the FIU's interests in other Member States and identifying their proceeds and funds, whilst ensuring full protection of personal data.

(52)It is important that FIUs cooperate and exchange information effectively with one another. In this regard, AMLA should provide the necessary assistance, not only by means of coordinating joint analyses of cross-border suspicious transaction reports, but also by developing draft regulatory technical standards concerning the format to be used for the exchange of information between FIUs and guidelines in relation to the relevant factors to be taken into account when determining if a suspicious transaction report concerns another Member State as well as on the nature, features and objectives of operational and of strategic analysis.

(53)Time limits for exchanges of information between FIUs are necessary in order to ensure quick, effective and consistent cooperation. Time limits should be set out in order to ensure effective sharing of information within reasonable time or to meet procedural constraints. Shorter time limits should be provided in exceptional, justified and urgent cases where the requested FIU is able to access directly the databases where the requested information is held. In the cases where the requested FIU is not able to provide the information within the set time limits, it should inform its counterpart accordingly.

(54)The movement of illicit money traverses borders and may affect different Member States. The cross-border cases, involving multiple jurisdictions, are becoming more and more frequent and increasingly significant, also due to the activities carried out by obliged entities on a cross-border basis. In order to deal effectively with cases that concern several Member States, FIUs should be able to go beyond the simple exchange of information for the detection and analysis of suspicious transactions and activities and share the analytical activity itself. FIUs have reported certain important issues which limit or condition the capacity of FIUs to engage in joint analysis. Carrying out joint analysis of suspicious transactions and activities will enable FIUs to exploit potential synergies, to use information from different sources, to obtain a full picture of the anomalous activities and to enrich the analysis. FIUs should be able to conduct joint analyses of suspicious transactions and activities and to set up and participate in joint analysis teams for specific purposes and limited period with the assistance of AMLA. The participation of third parties may be instrumental for the successful outcome of joint analyses. Therefore, FIUs may invite third parties to take part in the joint analysis where such participation would fall within the respective mandates of those third parties.

(55)Effective supervision of all obliged entities is essential to protect the integrity of the Union financial system and of the internal market. To this end, Member States should deploy effective and impartial AML/CFT supervision and set forth the conditions for effective, timely and sustained cooperation between supervisors.

(56)Member States should ensure effective, impartial and risk-based supervision of all obliged entities, preferably by public authorities via a separate and independent national supervisor. National supervisors should be able to perform a comprehensive range of tasks in order to exercise effective supervision of all obliged entities.

(57)The Union has witnessed on occasions a lax approach to the supervision of the obliged entities' duties in terms of anti-money laundering and counter-terrorist financing duties. Therefore, it has become of utmost importance that competent national supervisors, as part of the integrated supervisory mechanism put in place by this Directive and Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final], obtain clarity as to their respective rights and obligations.

(58)In order to assess and monitor more effectively and regularly the risks the obliged entities are exposed to and the manner in which they implement targeted financial sanctions, it is necessary to clarify that national supervisors are both entitled and bound to conduct all the necessary off-site, on-site and thematic investigations and any other inquiries and assessments as they see necessary. This will not only help supervisors decide on those cases where the specific risks inherent in a sector are clear and understood, but also provide them with the tools required to further disseminate relevant information to obliged entities in order to inform their understanding of money laundering and terrorist financing risks.

(59)Outreach activities, including dissemination of information by the supervisors to the obliged entities under their supervision, is essential to guarantee that the private sector has an adequate understanding of the nature and level of money laundering and terrorist financing risks they face.

(60)Supervisors should adopt a risk-based approach to their work, which should enable them to focus their resources where the risks are the highest, whilst ensuring that no sector or entity is left exposed to criminal attempts to launder money or finance terrorism. AMLA should play a leading role in fostering a common understanding of risks, and should therefore be entrusted with developing the benchmarks and a methodology for assessing and classifying the inherent and residual risk profile of obliged entities, as well as the frequency at which such risk profile should be reviewed.

(61)The disclosure to FIUs of facts that could be related to money laundering or to terrorist financing by supervisors is one of the cornerstones of efficient and effective supervision of money laundering and terrorist financing risks. It is therefore necessary for Member States to put in place a system that ensures that FIUs are properly and promptly informed.

(62)Cooperation between national supervisors is essential to ensure a common supervisory approach across the Union. To be effective, this cooperation has to be leveraged to the greatest extent possible and regardless of the respective nature or status of the supervisors. In addition to traditional cooperation - such as the ability to conduct investigations on behalf of a requesting supervisory authority – it is appropriate to mandate the set-up of AML/CFT supervisory colleges with respect to obliged entities operating under the freedom to provide services or of establishment and with the respect of obliged entities which are part of a group.

(63)Where an obliged entity operates establishments in another Member State, including through a network of agents, the supervisor of the home Member State should be responsible for supervising the obliged entity's application of group-wide AML/CFT policies and procedures. This could involve on-site visits in establishments based in another Member State. The supervisor of the home Member State should cooperate closely with the supervisor of the host Member State and should inform the latter of any issues that could affect their assessment of the establishment's compliance with the host AML/CFT rules.

(64)Where an obliged entity operates establishments in another Member State, including through a network of agents, the supervisor of the host Member State retains responsibility for enforcing the establishment's compliance with AML/CFT rules, including, where appropriate, by carrying out onsite inspections and offsite monitoring and by taking appropriate and proportionate measures to address serious infringements of those requirements. The supervisor of the host Member State should cooperate closely with the supervisor of the home Member State and should inform the latter of any issues that could affect its assessment of the obliged entity's application of group AML/CFT policies and procedures. In order to remove serious infringements of AML/CFT rules that require immediate remedies, the supervisor of the host Member State should be able to apply appropriate and proportionate temporary remedial measures, applicable under similar circumstances to obliged entities under their competence, to address such serious failings, where appropriate, with the assistance of, or in cooperation with, the supervisor of the home Member State.

(65)To ensure better coordination of efforts and contribute effectively to the needs of the integrated supervisory mechanism, the respective duties of supervisors in relation to those obliged entities should be clarified, and specific, proportionate cooperation mechanisms should be provided for.

(66)Cross-border groups need to have in place far-reaching group-wide policies and procedures. To ensure that cross-border operations are matched by adequate supervision, there is a need to set out detailed supervisory rules, enabling supervisors of the home Member State and those of the host Member State cooperate with each other to the greatest extent possible, regardless of their respective nature or status, and with AMLA to assess the risks, monitor developments that could affect the various entities that form part of the group and coordinate supervisory action. Given its coordinating role, AMLA should be entrusted with the duty to developing the draft regulatory technical standards defining the detailed respective duties of the home and host supervisors of groups, and the modalities of cooperation between them. The supervision of the effective implementation of group policy on AML/CFT should be done in accordance with the principles and modalities of consolidated supervision as laid down in the relevant European sectoral legislation.

(67)Directive (EU) 2015/849 included a general requirement for supervisors of home and host Member States to cooperate. Such requirements were subsequently strengthened to prevent that the exchange of information and cooperation between supervisors were prohibited or unreasonably restricted. However, in the absence of a clear legal framework, the set-up of AML/CFT supervisory colleges has been based on non-binding guidelines. It is therefore necessary to establish clear rules for the organisation of AML/CFT colleges and to provide for a coordinated, legally sound approach, recognising the need for structured interaction between supervisors across the Union. In line with its coordinating and oversight role, AMLA should be entrusted with developing the draft regulatory technical standards defining the general conditions that enable the proper functioning of AML/CFT supervisory colleges.

(68)Exchange of information and cooperation between supervisors is essential in the context of increasingly integrated global financial systems. On the one hand, Union supervisors, including AMLA, should inform each other of instances in which the law of a third country does not permit the implementation of the policies and procedures required under Regulation [please insert reference – proposal for Anti-Money Laundering Regulation]. On the other hand, Member States should be enabled to authorise supervisors to conclude cooperation agreements providing for collaboration and exchanges of confidential information with their counterparts in third countries, in compliance with applicable rules for personal data transfers. Given its oversight role, AMLA should lend assistance as may be necessary to assess the equivalence of professional secrecy requirements applicable to the third country counterpart.

(69)Directive (EU) 2015/849 allowed Member States to entrust the supervision of some obliged entities to self-regulatory bodies. However, the quality and intensity of supervision performed by such self-regulatory bodies has been insufficient, and under no or close to no public scrutiny. Where a Member State decides to entrust supervision to a self-regulatory body, it should also designate a public authority to oversee the activities of the self-regulatory body to ensure that the performance of those activities is in line with the requirements of this Directive.

(70)The importance of combating money laundering and terrorist financing should result in Member States laying down effective, proportionate and dissuasive administrative sanctions and measures in national law for failure to respect the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation]. National supervisors should be empowered by Member States to impose such measures to obliged entities to remedy the situation in the case of breaches and, where the breach so justifies, issue pecuniary sanctions. The range of sanctions and measures should be sufficiently broad to allow Member States and competent authorities to take account of the differences between obliged entities, in particular between credit institutions and financial institutions and other obliged entities, as regards their size, characteristics and the nature of the business.

(71)Member States currently have a diverse range of administrative sanctions and measures for breaches of the key preventative provisions in place and an inconsistent approach to investigating and sanctioning violations of anti-money laundering requirements, nor is there a common understanding among supervisors as to what should constitute a "serious" violation and thus distinguish when an administrative sanction should be imposed. That diversity is detrimental to the efforts made in combating money laundering and terrorist financing and the Union's response is fragmented. Therefore, common criteria for determining the most appropriate supervisory response to breaches should be laid down and a range of administrative measures that the supervisors could impose when the breaches are not sufficiently serious to be punished with an administrative sanction should be provided. In order to incentivise obliged entities to comply with the provisions of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation], it is necessary to strengthen the dissuasive nature of administrative sanctions. Accordingly, the minimum amount of the maximum penalty that can be imposed in case of serious breaches of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] should be raised. In transposing this Directive, Member States should ensure that the imposition of administrative sanctions and measures, and of criminal sanctions in accordance with national law, does not breach the principle of ne bis in idem.

(72)Obliged entities can benefit from the freedom to provide services and to establish across the internal market to offer their products and services across the Union. An effective supervisory system requires that supervisors are aware of the weaknesses in obliged entities’ compliance with AML/CFT rules. It is therefore important that supervisors are able to inform one another of administrative sanctions and measures imposed on obliged entities, when such information would be relevant for other supervisors too.

(73)Publication of an administrative sanction or measure for breach of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] can have a strong dissuasive effect against repetition of such breach. It also informs other entities of the money laundering and financing of terrorism risks associated with the sanctioned obliged entity before entering into a business relationship and assists supervisors in other Member States in relation to the risks associated with an obliged entity when it operates in their Member State on a cross-border basis. For those reasons, the requirement to publish decisions on sanctions against which there is no appeal should be confirmed. However, any such publication should be proportionate and, in the taking of a decision whether to publish an administrative sanction or measure, supervisors should take into account the gravity of the breach and the dissuasive effect that the publication is likely to achieve.

(74)There have been a number of cases where employees who have reported their suspicions of money laundering have been subjected to threats or hostile action. It is crucial that this issue be addressed to ensure effectiveness of the AML/CFT system. Member States should be aware of this problem and should do whatever they can to protect individuals, including employees and representatives of the obliged entity, from such threats or hostile action, and to provide, in accordance with national law, appropriate protection to such persons, particularly with regard to their right to the protection of their personal data and their rights to effective judicial protection and representation.

(75)The new fully-integrated and coherent anti-money laundering and counter-terrorist financing policy at Union level, with designated roles for both Union and national competent authorities and with a view to ensure their smooth and constant cooperation. In that regard, cooperation between all national and Union AML/CFT authorities is of the utmost importance and should be clarified and enhanced. Internally, it remains the duty of Member States to provide for the necessary rules to ensure that policy makers, the FIUs, supervisors, including AMLA, and other competent authorities involved in AML/CFT, as well as tax authorities and law enforcement authorities when acting within the scope of this Directive, have effective mechanisms to enable them to cooperate and coordinate, including through a restrictive approach to the refusal by competent authorities to cooperate and exchange information at the request of another competent authority.

(76)In order to facilitate and promote effective cooperation, and in particular the exchange of information, Member States should be required to communicate to the Commission and AMLA the list of their competent authorities and relevant contact details.

(77)The risk of money laundering and terrorist financing can be detected by all supervisors in charge of credit institutions. Information of a prudential nature relating to credit and financial institutions, such as information relating to the fitness and properness of directors and shareholders, to the internal control mechanisms, to governance or to compliance and risk management, is often indispensable for the adequate AML/CFT supervision of such institutions. Similarly, AML/CFT information is also important for the prudential supervision of such institutions. Therefore, cooperation and exchange of information with AML/CFT supervisors and FIU should be extended to all competent authorities in charge of the supervision of those obliged entities in accordance with other Union legal instruments, such as Directive (EU) 2013/36 32 , Directive (EU) 2014/49 33 , Directive (EU) 2014/59 34 , Directive (EU) 2014/92 35 and Directive (EU) 2015/2366 of the European Parliament and of the Council 36 . To ensure the effective implementation of this cooperation, Member States should inform the AMLA annually of the exchanges carried out.

(78)Cooperation with other authorities competent for supervising credit institutions under Directive (EU) 2014/92 and Directive (EU) 2015/2366 has the potential to reduce unintended consequences of AML/CFT requirements. Credit institutions may choose to terminate or restrict business relationships with customers or categories of customers in order to avoid, rather than manage, risk. Such de-risking practices may weaken the AML/CFT framework and the detection of suspicious transactions, as they push affected customers to resort to less secure or unregulated payment channels to meet their financial needs. At the same time, widespread de-risking practices in the banking sector may lead to financial exclusion for certain categories of payment entities or consumers. Financial supervisors are best placed to identify situations where a credit institution has refused to enter into a business relationship despite possibly being obliged to do so on the basis of the national law implementing Directive (EU) 2014/92 or Directive (EU) 2015/2366, and without a justification based on the documented customer due diligence. Financial supervisors should alert the authorities responsible for ensuring compliance by financial institution with Directive (EU) 2014/92 or Directive (EU) 2015/2366 when such cases arise.

(79)The cooperation between financial supervisors and the authorities responsible for crisis management of credit institutions and investment firms, such as in particular Deposit Guarantee Scheme designated authorities and resolution authorities, is necessary to reconcile the objectives to prevent money laundering under this Directive and to protect financial stability and depositors under the Directives 2014/49/EU and 2014/59/EU. Financial supervisors should oversee the performance of customer due diligence where the credit institution has been determined failing or likely to fail or when the deposits are defined as unavailable, and the reporting of any suspicious transactions to the FIU. Financial supervisors should inform the authorities responsible for crisis management of credit institutions and investment firms of any relevant outcome from the customer due diligence performed and of any account that has been suspended by the FIU.

(80)To facilitate such cooperation in relation to credit institutions, AMLA, in consultation with the European Banking Authority, should issue guidelines specifying the main elements of such cooperation including how information should be exchanged.

(81)Cooperation mechanisms should also extend to the authorities in charge of the supervision and oversight of auditors, as such cooperation can enhance the effectiveness of the Union anti-money laundering framework.

(82)The exchange of information and the provision of assistance between competent authorities of the Members States is essential for the purposes of this Directive. Consequently, Member States should not prohibit or place unreasonable or unduly restrictive conditions on this exchange of information and provision of assistance.

(83)Supervisors should be able to cooperate and exchange confidential information, regardless of their respective nature or status. To this end, they should have an adequate legal basis for exchange of confidential information and for cooperation. Exchange of information and cooperation with other authorities competent for supervising or overseeing obliged entities under other Union acts should not be hampered unintentionally by legal uncertainty which may stem from a lack of explicit provisions in this field. Clarification of the legal framework is even more important since prudential supervision has, in a number of cases, been entrusted to non-AML/CFT supervisors, such as the European Central Bank (ECB).

(84)The effectiveness of the Union AML/CFT framework relies on the cooperation between a wide array of competent authorities. To facilitate such cooperation, AMLA should be entrusted to develop guidelines in coordination with the ECB, the European Supervisory Authorities, Europol, Eurojust, and the European Public Prosecutor’s Office on cooperation between all competent authorities. Such guidelines should also describe how authorities competent for the supervision or oversight of obliged entities under other Union acts should take into account money laundering and terrorist financing concerns in the performance of their duties.

(85)Regulation (EU) 2016/679 applies to the processing of personal data for the purposes of this Directive. Regulation (EU) 2018/1725 of the European Parliament and of the Council 37 applies to the processing of personal data by the Union institutions and bodies for the purposes of this Directive. The fight against money laundering and terrorist financing is recognised as an important public interest ground by all Member States. However, competent authorities responsible for investigating or prosecuting money laundering, its predicate offences or terrorist financing, or those which have the function of tracing, seizing or freezing and confiscating criminal assets should respect the rules pertaining to the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, including Directive (EU) 2016/680 of the European Parliament and of the Council 38 .

(86)It is essential that the alignment of this Directive with the revised FATF Recommendations is carried out in full compliance with Union law, in particular as regards Union data protection law, including rules on data transfers, as well as the protection of fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union (the ‘Charter’). Certain aspects of the implementation of this Directive involve the collection, analysis, storage and sharing of data within the Union and with third countries. Such processing of personal data should be permitted, while fully respecting fundamental rights, only for the purposes laid down in this Directive, and for the activities required under this Directive, such as the exchange of information among competent authorities.

(87)The rights of access to data by the data subject are applicable to the personal data processed for the purpose of this Directive. However, access by the data subject to any information related to a suspicious transaction report would seriously undermine the effectiveness of the fight against money laundering and terrorist financing. Exceptions to and restrictions of that right in accordance with Article 23 of Regulation (EU) 2016/679 and, where relevant, Article 25 of Regulation (EU) 2018/1725, may therefore be justified. The data subject has the right to request that a supervisory authority referred to in Article 51 of Regulation (EU) 2016/679 or, where applicable, the European Data Protection Supervisor, check the lawfulness of the processing and has the right to seek a judicial remedy referred to in Article 79 of that Regulation. The supervisory authority referred to in Article 51 of Regulation (EU) 2016/679 may also act on an ex-officio basis. Without prejudice to the restrictions to the right to access, the supervisory authority should be able to inform the data subject that all necessary verifications by the supervisory authority have taken place, and of the result as regards the lawfulness of the processing in question.

(88)In order to ensure continued exchange of information between FIUs during the period of set-up of AMLA, the Commission should continue to host the FIU.net on a temporary basis. To ensure full involvement of FIUs in the operation of the system, the Commission should regularly exchange with the EU Financial Intelligence Units' Platform (the ‘EU FIUs’ Platform’), an informal group composed of representatives from FIUs and active since 2006, and used to facilitate cooperation among FIUs and exchange views on cooperation-related issues.

(89)Regulatory technical standards should ensure consistent harmonisation across the Union. As the body with highly specialised expertise in the field of AML/CFT, it is appropriate to entrust AMLA with the elaboration, for submission to the Commission, of draft regulatory technical standards which do not involve policy choices.

(90)In order to ensure consistent approaches among FIUs and among supervisors, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission to supplement this Directive by adopting the regulatory technical standards setting out the criteria as regards appointment and functions of a central contact point of certain services providers, setting out benchmarks and methodology for assessing and classifying the inherent and residual risk profile of obliged entities and the frequency of risk profile reviews, laying down details of duties of the home and host supervisors, and the modalities of cooperation between them, specifying the general conditions for the functioning of the AML supervisory colleges and the operational functioning of such colleges, defining indicators to classify the level of gravity of breaches of this Directive and criteria to be taken into account when setting the level of administrative sanctions or taking administrative measures. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(91)In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission in order to lay down a methodology for the collection of statistics, establish the format for the submission of beneficial ownership information, define the technical conditions for the interconnection of beneficial ownership registers and of bank account registers and data retrieval mechanisms as well as to adopt implementing technical standards specifying the format to be used for the exchange of the information among FIUs of the Member States. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council 39 .

(92)This Directive respects the fundamental rights and observes the principles recognised by the Charter, in particular the right to respect for private and family life (Article 7 of the Charter), the right to the protection of personal data (Article 8 of the Charter) and the freedom to conduct a business (Article 16 of the Charter).

(93)When drawing up a report evaluating the implementation of this Directive, the Commission should give due consideration to the respect of the fundamental rights and principles recognised by the Charter.

(94)Since the objectives of this Directive, namely the establishment of a coordinated and coherent mechanism to prevent money laundering and terrorist financing, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale and the effects of the proposed action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(95)In accordance with the Joint Political Declaration of 28 September 2011 of Member States and the Commission on explanatory documents 40 , Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified.

(96)The European Data Protection Supervisor has been consulted in accordance with Article 42 of Regulation (EU) 2018/1725 [and delivered an opinion on ... 41  ].

(97)Directive (EU) 2015/849 should therefore be repealed, 

HAVE ADOPTED THIS DIRECTIVE:

CHAPTER I

GENERAL PROVISIONS

Section 1

Subject matter, scope and definitions

Article 1

Subject matter

This Directive lays down rules concerning:

(a)measures applicable to sectors exposed to money laundering and terrorist financing at national level;

(b)the identification of money laundering and terrorist financing risks at Union and Member States level;

(c)the set-up and access to beneficial ownership, bank account and real estate registers;

(d)the responsibilities and tasks of Financial Intelligence Units (FIUs);

(e)the responsibilities and tasks of bodies involved in the supervision of obliged entities,

(f)cooperation between competent authorities and cooperation with authorities covered by other Union acts.

Article 2

Definitions

For the purposes of this Directive, the definitions set out in Article 2 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] apply.

The following definitions also apply:

(1)‘financial supervisor’ means a supervisor in charge of credit and financial institutions;

(2)‘obliged entities’ means the natural or legal persons listed in Article 3 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] that are not exempted in accordance with article 4,5,6 of that Regulation;

(3)‘home Member State’ means the Member State where the registered office of the obliged entity is situated or, if the obliged entity has no registered office, the Member State in which its head office is situated;

(4)‘host Member State’ means the Member State other than the home Member State in which the obliged entity has a subsidiary or a branch or provides services;

(5)‘customs authorities’ means the customs authorities as defined in Article 5(1) of Regulation (EU) 952/2013 of the European Parliament and of the Council 42 and the competent authorities as defined in Article 2(1), point (g), of Regulation (EU) 2018/1672 of the European Parliament and of the Council 43 ;

(6)‘anti-money laundering/counter-terrorist financing supervisory college’ or ‘AML/CFT supervisory college’ means a permanent structure for cooperation and information sharing for the purposes of supervising a group or an entity operating on a cross-border basis;

(7)‘entity operating on a cross-border basis’ means an obliged entity having at least one establishment in another Member State or in a third country;

(8)‘establishment’ means a branch or any other form of establishment of an obliged entity that operates in a Member State or third country other than the country where its head office is established, or the subsidiary of a parent undertaking established in a country other than the country where that parent undertaking has been established.

Section 2

National measures in sectors exposed to money laundering and terrorist financing

Article 3

Identification of exposed sectors at national level

1.Where the national risk assessment carried out by Member States pursuant to Article 8 identifies that, in addition to obliged entities, entities in other sectors are exposed to money laundering and terrorist financing risks, Member States may decide to apply the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] to those additional entities.

2.For the purposes of paragraph 1, Member States shall notify to the Commission their intention to apply of requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] to entities in additional sectors, accompanied by:

(a)a justification of the money laundering and terrorist financing risks underpinning such intention;

(b)an assessment of the impact that such extension will have on the provision of services within the internal market;

(c)the text of the national measures that the Member State intends to adopt.

3.Member States shall suspend the adoption of national measures referred to in paragraph 2, point (c), for 6 months from the date of the notification referred to in paragraph 2.

4.Before the end of the period referred to in paragraph 3, the Commission, having consulted the Authority for anti-money laundering and countering the financing of terrorism established by Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final] (AMLA), shall issue a detailed opinion regarding whether the measure envisaged:

(a)is adequate to address the risks identified, in particular as regards whether the risks identified by the Member State concern the internal market;

(b)may create obstacles to the free movement of services or capital or to the freedom of establishment of service operators within the internal market which are not proportionate to the money laundering and terrorist financing risks the measure aims to mitigate.

The detailed opinion shall also indicate whether the Commission intends to propose action at Union level.

5.Where the Commission does not consider it appropriate to propose action at Union level, the Member State concerned shall, within two months of receiving the detailed opinion referred to in paragraph 4, report to the Commission on the action it proposes to take on that detailed opinion. The Commission shall comment on the action proposed by the Member State.

6.Where the Commission indicates its intention to propose action at Union level, the Member State concerned shall abstain from adopting the national measures referred to in paragraph 2, point (c).

7.Where, on [please insert the date of entry into force of this Directive], Member States have already applied national provisions transposing Directive (EU) 2015/849 to other sectors than obliged entities, they may apply the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] to those sectors.

By [6 months after the date of transposition of this Directive], Member States shall notify the Commission the sectors identified at national level pursuant to the first sub-paragraph to which the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] shall apply, accompanied by a justification of the exposure of those sectors to money laundering and terrorist financing risks. Within 6 months of such notification, the Commission having consulted AMLA, shall issue a detailed opinion covering paragraph 4, points (a) and (b), and indicating whether it intends to propose action at Union level. Where the Commission does not consider it appropriate to propose action at Union level, paragraph 5 shall apply.

8.By [1 years after the date of transposition of this Directive] and every year thereafter, the Commission shall publish a consolidated list of the sectors to which Member States have decided to apply the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] in the Official Journal of the European Union.

Article 4

Requirements relating to certain service providers

1.Member States shall ensure that currency exchange and cheque cashing offices, and trust or company service providers are either licensed or registered.

2.Member States shall ensure that all providers of gambling services are regulated.

Article 5

Contact points

1.Member States may require electronic money issuers as defined in Article 2(3) of Directive 2009/110/EC 44 , payment service providers as defined in Article 4(11) of Directive (EU) 2015/2366 and crypto-assets service providers operating through agents located in the host Member State and operating under either the right of establishment or the freedom to provide services, and whose head office is situated in another Member State, to appoint a central contact point in their territory. That central contact point shall ensure, on behalf of the entity operating on a cross-border basis, compliance with AML/CFT rules and shall facilitate supervision by supervisors, including by providing supervisors with documents and information on request.

2.By [two years after the date of entry into force of this Directive], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall set out the criteria for determining the circumstances in which the appointment of a central contact point pursuant to paragraph 1 is appropriate, and the functions of the central contact points.

3.The Commission is empowered to supplement this Directive by adopting the regulatory technical standards referred to in paragraph 2 of this Article in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

Article 6

Checks on the senior management and beneficial owners of certain obliged entities

1.Member States shall require supervisors to verify that the members of the senior management in the obliged entities referred to in Article 4, and the beneficial owners of such entities, act with honesty and integrity. Senior management of such entities should also possess knowledge and expertise necessary to carry out their functions.

2.With respect to the obliged entities referred to in Article 3, points (3)(a), (b), (d), (e) and (h) to (l), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], Member States shall ensure that supervisors take the necessary measures to prevent persons convicted of money laundering, any of its predicate offences or terrorist financing or their associates from being professionally accredited, holding a management function in or being the beneficial owners of those obliged entities.

3.Member States shall ensure that supervisors verify at regular intervals and on a risk-sensitive basis whether the requirements of paragraphs 1 and 2 continue to be met. In particular, they shall verify whether the senior management acts with honesty and integrity and possesses knowledge and expertise necessary to carry out their functions in cases where there are reasonable grounds to suspect that money laundering or terrorist financing is being or has been committed or attempted, or there is increased risk thereof in an obliged entity.

4.Supervisors shall have the power to request the removal of any person convicted of money laundering, any of its predicate offences or terrorist financing from the management role of the obliged entities referred to in paragraphs 1 and 2. Supervisors shall have the power to remove members of the senior management that are not deemed to act with honesty and integrity and possess knowledge and expertise necessary to carry out their functions.

5.Where the person convicted of money laundering, any of its predicate offences or terrorist financing is the beneficial owner of an obliged entity referred to in paragraph 2, Member States shall ensure that such persons can be disassociated from any obliged entity, including by granting supervisors the power to request the divestment of the holding by the beneficial owner in an obliged entity.

6.For the purposes of this Article, Member States shall ensure that, in accordance with their national law, supervisors or any other authority competent at national level for assessing the appropriateness of persons referred to in paragraphs 1 and 2, check the existence of a relevant conviction in the criminal record of the person concerned. Any exchange of information for those purposes shall be carried out in accordance with Framework Decision 2009/315/JHA and Decision 2009/316/JHA as implemented in national law.

Section 2

Risk assessments

Article 7

Supra-national risk assessment

1.The Commission shall conduct an assessment of the risks of money laundering and terrorist financing affecting the internal market and relating to cross-border activities.

To that end, the Commission shall, at the latest by [4 years after the date of transposition of this Directive], draw up a report identifying, analysing and evaluating those risks at Union level. Thereafter, the Commission shall update its report every four years. The Commission may update parts of the report more frequently, if appropriate.

2.The report referred to in paragraph 1 shall cover at least the following:

(a)the areas and sectors of the internal market that are exposed to money laundering and terrorist financing risks;

(b)the nature and level of the risks associated with each area and sector;

(c)the most widespread means used to launder illicit proceeds, including, where available, those particularly used in transactions between Member States and third countries, independently of the identification of a third country pursuant to Section 2 of Chapter III of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final];

(d)the risks of non-implementation and evasion of proliferation financing-related targeted financial sanctions.

3.The Commission shall make recommendations to Member States on the measures suitable for addressing the identified risks. In the event that Member States decide not to apply any of the recommendations in their national AML/CFT regimes, they shall notify the Commission thereof and provide a justification for such a decision.

4.By [3 years after the date of transposition of this Directive], AMLA shall issue an opinion addressed to the Commission on the risks of money laundering and terrorist financing affecting the Union. Thereafter, AMLA shall issue an opinion every two years.

5.In conducting the assessment referred to in paragraph 1, the Commission shall organise the work at Union level, shall take into account the opinions referred to in paragraph 4 and shall involve the Member States' experts in the area of AML/CFT, representatives from national supervisory authorities and FIUs, as well as AMLA and other Union level bodies where appropriate.

6.Within 2 years of the adoption of the report referred to in paragraph 1, and every four years thereafter, the Commission shall submit a report to the European Parliament and to the Council on the actions taken based on the findings of that report.

Article 8

National risk assessment

1.Each Member State shall carry out a national risk assessment to identify, assess, understand and mitigate the risks of money laundering and terrorist financing affecting it. It shall keep that risk assessment up to date and review it at least every four years.

Each Member State shall also take appropriate steps to identify, assess, understand and mitigate the risks of non-implementation and evasion of proliferation financing-related targeted financial sanctions.

2.Each Member State shall designate an authority or establish a mechanism to coordinate the national response to the risks referred to in paragraph 1. The identity of that authority or the description of the mechanism shall be notified to the Commission, AMLA, and other Member States.

3.In carrying out the national risk assessments referred to in paragraph 1 of this Article, Member States shall take into account the report referred to in Article 7(1).

4.Each Member State shall use the national risk assessment to:

(a)improve its AML/CFT regime, in particular by identifying any areas where obliged entities are to apply enhanced measures and, where appropriate, specifying the measures to be taken;

(b)identify, where appropriate, sectors or areas of lower or greater risk of money laundering and terrorist financing;

(c)assess the risks of money laundering and terrorist financing associated with each type of legal person and legal arrangement in their territory and have an understanding of the exposure to risks deriving from foreign legal persons and legal arrangements;

(d)decide on the allocation and prioritisation of resources to combat money laundering and terrorist financing as well as non-implementation and evasion of proliferation financing-related targeted financial sanctions;

(e)ensure that appropriate rules are drawn up for each sector or area, in accordance with the risks of money laundering and terrorist financing;

(f)make appropriate information available promptly to competent authorities and to obliged entities to facilitate the carrying out of their own money laundering and terrorist financing risk assessments as well as the assessment of risks of evasion of proliferation financing-related targeted financial sanctions referred to in Article 8 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final].

In the national risk assessment, Member States shall describe the institutional structure and broad procedures of their AML/CFT regime, including, inter alia, the FIU, tax authorities and prosecutors, as well as the allocated human and financial resources to the extent that this information is available.

5.Member States shall make the results of their national risk assessments, including their updates, available to the Commission, to AMLA and to the other Member States. Any Member State may provide relevant additional information, where appropriate, to the Member State carrying out the national risk assessment. A summary of the assessment shall be made publicly available. That summary shall not contain classified information. The information contained therein shall not permit the identification of any natural or legal person.

Article 9

Statistics

1.Member States shall maintain comprehensive statistics on matters relevant to the effectiveness of their AML/CFT frameworks in order to review the effectiveness of those frameworks.

2.The statistics referred to in paragraph 1 shall include:

(a)data measuring the size and importance of the different sectors which fall within the scope of this Directive, including the number of natural persons and entities and the economic importance of each sector;

(b)data measuring the reporting, investigation and judicial phases of the national AML/CFT regime, including the number of suspicious transaction reports made to the FIU, the follow-up given to those reports, the information on cross-border physical transfers of cash submitted to the FIU in accordance with Article 9 of Regulation (EU) 2018/1672 together with the follow-up given to the information submitted and, on an annual basis, the number of cases investigated, the number of persons prosecuted, the number of persons convicted for money laundering or terrorist financing offences, the types of predicate offences identified in accordance with Article 2 of Directive (EU) 2018/1673 of the European Parliament and of the Council 45 where such information is available, and the value in euro of property that has been frozen, seized or confiscated;

(c)if available, data identifying the number and percentage of reports resulting in further investigation, together with the annual report drawn up by FIUs pursuant to Article 21;

(d)data regarding the number of cross-border requests for information that were made, received, refused and partially or fully answered by the FIU, broken down by counterpart country;

(e)the number of mutual legal assistance or other international requests for information relating to beneficial ownership and bank account information as referred to in Chapter IV of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and Sections 1 and 2 of Chapter II of this Directive received from or made to counterparts outside the Union, broken down by competent authority and counterpart country;

(f)human resources allocated to supervisors as well as human resources allocated to the FIU to fulfil the tasks specified in Article 17;

(g)the number of on-site and off-site supervisory actions, the number of breaches identified on the basis of supervisory actions and sanctions or administrative measures applied by supervisory authorities and self-regulatory bodies pursuant to Section 4 of Chapter IV;

(h)the number and type of breaches identified in relation to the obligations of Chapter IV of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and sanctions or administrative measures applied in relation to those breaches, as well as the number of inspections carried out by the entity in charge of the central register pursuant to Article 10(8) of this Directive.

3.Member States shall ensure that the statistics referred to in paragraph 2 are collected and transmitted to the Commission on an annual basis. The statistics referred to in paragraph 2, points (a), (c), (d) and (f), shall also be transmitted to AMLA.

AMLA shall store those statistics in its database in accordance with Article 11 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

4.By [3 years after the date of transposition of this Directive], AMLA shall adopt an opinion addressed to the Commission on the methodology for the collection of the statistics referred to in paragraph 2, points (a), (c), (d) and (f).

5.The Commission is empowered to adopt implementing acts laying down the methodology for the collection of the statistics referred to in paragraph 2 and the arrangements for their transmission to the Commission and AMLA. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 54(2).

6.The Commission shall publish a biennial report summarising and explaining the statistics referred to in paragraph 2, which shall be made available on its website.

CHAPTER II

REGISTERS

Section I

Beneficial ownership registers

Article 10

Beneficial ownership registers

1.Member States shall ensure that beneficial ownership information referred to in Article 44 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and information on nominee arrangements referred to in Article 47 of that Regulation is held in a central register in the Member State where the legal entity is incorporated or where the trustee or person holding an equivalent position in a similar legal arrangement is established or resides. Such requirement shall not apply to companies listed on a regulated market that are subject to disclosure requirements equivalent to the requirements laid down in this Directive or subject to equivalent international standards.

The beneficial ownership information contained in the central registers may be collected in accordance with national systems.

2.Where there are reasons to doubt the accuracy of the beneficial ownership information held by the central registers, Member States shall ensure that legal entities and legal arrangements are required to provide additional information on a risk-sensitive basis, including resolutions of the board of directors and minutes of their meetings, partnership agreements, trust deeds, power of attorney or other contractual agreements and documentation.

3.Where no person is identified as beneficial owner pursuant to Article 45(2) and (3) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], the central register shall include:

(a)a statement accompanied by a justification, that there is no beneficial owner or that the beneficial owner(s) could not be identified and verified;

(b)the details of the natural person(s) who hold the position of senior managing official(s) in the corporate or legal entity equivalent to the information required under Article 44(1), point (a), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final].

4.The Commission is empowered to adopt, by means of implementing acts, the format for the submission of beneficial ownership information to the central register. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 54(2).

5.Member States shall require that the beneficial ownership information held in the central registers is adequate, accurate and up-to-date. For that purpose, Member State shall apply at least the following requirements:

(a)obliged entities shall report to the entity in charge of the central registers any discrepancies they find between the beneficial ownership information available in the central registers and the beneficial ownership information available to them pursuant to Article 18 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation].

(b)competent authorities, if appropriate and to the extent that this requirement does not interfere unnecessarily with their functions, shall report to the entity in charge of the central registers any discrepancies they find between beneficial ownership information available in the central registers and the beneficial ownership information available to them.

6.Member States shall require that the reporting of discrepancies referred to in paragraph 5 takes place within 14 calendar days after detecting the discrepancy. In cases of lower risk to which measures under Section 3 of Chapter III of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] apply, Member States may allow obliged entities to request the customer to rectify discrepancies of a technical nature that do not hinder the identification of the beneficial owner(s) directly with the entity in charge of the central registers.

7.Member States shall ensure that the entity in charge of the central registers takes appropriate actions to cease the discrepancies, including amending the information included in the central registers where the entity is able to identify and verify the beneficial ownership information. A specific mention of the fact that there are discrepancies reported shall be included in the central registers and visible at least to competent authorities and obliged entities.

8.In the case of corporate and other legal entities, Member States shall ensure that the entity in charge of the central beneficial ownership register is empowered to carry out checks, including on-site investigations at the premises or registered office of the legal entity, in order to establish the current beneficial ownership of the entity and to verify that the information submitted to the central register is accurate, adequate and up-to-date. The right of the central register to verify such information shall not be restricted, obstructed or precluded in any manner.

9.Member States shall ensure that the entity in charge of the central register is empowered to impose effective, proportionate and dissuasive measures or sanctions for failures to provide the register with accurate, adequate and up-to-date information about their beneficial ownership.

10.Member States shall ensure that if, in the course of the checks carried out pursuant to this Article, or in any other way, the entities in charge of the beneficial ownership registers discover facts that could be related to money laundering or to terrorist financing, they shall promptly inform the FIU.

11.The central registers shall be interconnected via the European Central Platform established by Article 22(1) of Directive (EU) 2017/1132.

12.The information referred to in paragraph 1 shall be available through the national registers and through the system of interconnection of central beneficial ownership registers for at least five years and no more than 10 years after the corporate or other legal entity has been struck off from the register.

Article 11

General rules regarding access to beneficial ownership registers by competent authorities, self-regulatory bodies and obliged entities

1.Member States shall ensure that competent authorities have timely, unrestricted and free access to the information held in the interconnected central registers referred to in Article 10, without alerting the entity or arrangement concerned.

2.Access to the central registers referred to in Article 10 shall be granted to FIUs, supervisory authorities, public authorities with designated responsibilities for combating money laundering or terrorist financing, as well as tax authorities and authorities that have the function of investigating or prosecuting money laundering, its predicate offences and terrorist financing, tracing and seizing or freezing and confiscating criminal assets. Self-regulatory bodies shall be granted access to the registers when performing supervisory functions.

3.Member States shall ensure that, when taking customer due diligence measures in accordance with Chapter III of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation], obliged entities have timely access to the information held in the interconnected central registers referred to in Article 10.

4.By [3 months after the date of transposition of this Directive], Member States shall notify to the Commission the list of competent authorities and self-regulatory bodies and the categories of obliged entities that were granted access to the registers and the type of information available to obliged entities, as well as the beneficial ownership information that can be accessed by the public pursuant to Article 12. Member States shall update such notification when changes to the list of competent authorities or categories of obliged entities or to the extent of access granted to obliged entities or the public occur. The Commission shall make the information on the access by competent authorities and obliged entities, including any change to it, available to the other Member States.

Article 12

Specific access rules to beneficial ownership registers for the public

1.Member States shall ensure that any member of the general public has access to the following information held in the interconnected central registers referred to in Article 10:

(a)in the case of legal entities, at least the name, the month and year of birth and the country of residence and nationality of the beneficial owner as well as the nature and extent of the beneficial interest held;

(b)in case of express trusts or similar legal arrangements, the name, the month and year of birth and the country of residence and nationality of the beneficial owner as well as the nature and extent of the beneficial interest held, provided that a legitimate interest can be demonstrated.

In addition to the information listed in the first subparagraph, point (a), Member States may, under conditions to be determined in national law, provide for access to additional information necessary for the identification of the beneficial owner. That additional information shall include at least the date of birth or contact details in accordance with Union and Member State data protection rules.

2.Member States may choose to make beneficial ownership information held in their central registers available to the public on the condition of authentication using electronic identification means and relevant trust services as set out in Regulation (EU) 910/2014 of the European Parliament and of the Council 46 and the payment of a fee, which shall not exceed the administrative costs of making the information available, including costs of maintenance and developments of the register.

Article 13

Exceptions to the access rules to beneficial ownership registers

In exceptional circumstances to be laid down in national law, where the access referred to in Articles 11(3) and 12(1) would expose the beneficial owner to disproportionate risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation, or where the beneficial owner is a minor or otherwise legally incapable, Member States may provide for an exemption from such access to all or part of the personal information on the beneficial owner on a case-by-case basis. Member States shall ensure that those exemptions are granted upon a detailed evaluation of the exceptional nature of the circumstances. Rights to an administrative review of the decision granting an exemption and to an effective judicial remedy shall be guaranteed. A Member State that has granted exemptions shall publish annual statistical data on the number of exemptions granted and reasons stated and report the data to the Commission.

Exemptions granted pursuant to this Article shall not apply to the obliged entities referred to in Article 3, point (3)(b), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] that are public officials.

Section 2

Bank account information

Article 14

Bank account registers and electronic data retrieval systems

1.Member States shall put in place centralised automated mechanisms, such as a central registers or central electronic data retrieval systems, which allow the identification, in a timely manner, of any natural or legal persons holding or controlling payment accounts and bank accounts identified by IBAN, as defined by Regulation (EU) No 260/2012 of the European Parliament and of the Council 47  , and safe-deposit boxes held by a credit institution within their territory.

Member States shall notify the Commission of the characteristics of those national mechanisms as well as the criteria pursuant to which information is included in those national mechanisms.

2.Member States shall ensure that the information held in the centralised mechanisms referred to in paragraph 1 is directly accessible in an immediate and unfiltered manner to national FIUs. The information shall also be accessible to national competent authorities for fulfilling their obligations under this Directive.

3.The following information shall be accessible and searchable through the centralised mechanisms referred to in paragraph 1:

(a)for the customer-account holder and any person purporting to act on behalf of the customer: the name, complemented by either the other identification data required under Article 18(1) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] or a unique identification number;

(b)for the beneficial owner of the customer-account holder: the name, complemented by either the other identification data required under Article 18(1) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] or a unique identification number;

(c)for the bank or payment account: the IBAN number and the date of account opening and closing;

(d)for the safe-deposit box: name of the lessee complemented by either the other identification data required under Article 18(1) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] or a unique identification number and the duration of the lease period.

4.Member States may require other information deemed essential for FIUs and other competent authorities for fulfilling their obligations under this Directive to be accessible and searchable through the centralised mechanisms.

5.The centralised automated mechanisms referred to in paragraph 1 shall be interconnected via the bank account registers (BAR) single access point to be developed and operated by the Commission.

The Commission is empowered to adopt, by means of implementing acts, the technical specifications and procedures for the connection of the Member States' centralised automated mechanisms to the single access point. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 54(2).

6.Member States shall ensure that the information referred to in paragraph 3 is available through the single access point interconnecting the centralised automated mechanisms. Member States shall take adequate measures to ensure that only the information referred to in paragraph 3 that is up to date and corresponds to the actual bank account information is made available through their national centralised automated mechanisms and through the single access point interconnecting the centralised automated mechanisms referred to in this paragraph. The access to that information shall be granted in accordance with data protection rules.

The other information that Member States consider essential for FIUs and other competent authorities pursuant to paragraph 4 shall not be accessible and searchable through the single access point interconnecting the centralised automated mechanisms.

7.National FIUs shall be granted immediate and unfiltered access to the information on payment and bank accounts and safe-deposit boxes in other Member States available through the single access point interconnecting the centralised automated mechanisms. Member States shall cooperate among themselves and with the Commission in order to implement this paragraph.

Member States shall ensure that the staff of the national FIUs maintain high professional standards of confidentiality and data protection, are of high integrity and are appropriately skilled.

8.Member States shall ensure that technical and organisational measures are put in place to ensure the security of the data to high technological standards for the purposes of the exercise by FIUs of the power to access and search the information available through the single access point interconnecting the centralised automated mechanisms in accordance with paragraphs 5 and 6.

Article 15

Implementing acts for the interconnection of registers

1.Where necessary, the Commission is empowered to adopt, by means of implementing acts, technical specifications and procedures necessary to provide for the interconnection of Member States’ central registers in accordance with Article 10(11) with regard to:

(a)the technical specification defining the set of the technical data necessary for the platform to perform its functions as well as the method of storage, use and protection of such data;

(b)the common criteria according to which beneficial ownership information is available through the system of interconnection of registers, depending on the level of access granted by Member States;

(c)the technical details on how the information on beneficial owners is to be made available;

(d)the technical conditions of availability of services provided by the system of interconnection of registers;

(e)the technical modalities to implement the different types of access to information on beneficial ownership in accordance with Articles 11 and 12 of this Directive, including the authentication of users through the use of electronic identification means and relevant trust services as set out in Regulation (EU) 910/2014;

(f)the payment modalities where access to beneficial ownership information is subject to the payment of a fee according to Article 12(2) taking into account available payment facilities such as remote payment transactions.

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 54(2).

2.Where necessary, the Commission is empowered to adopt, by means of implementing acts, technical specifications and procedures necessary to provide for the interconnection of Member States’ centralised mechanisms as referred to in Article 14(5), with regard to:

(a)the technical specification defining the methods of communication by electronic means for the purposes of the bank account registers (BAR) single access point;

(b)the technical specification of the communication protocols;

(c)the technical specifications defining the data security, data protection safeguards, use and protection of the information which is searchable and accessible by means of the bank account registers (BAR) single access point interconnecting the centralised automated mechanisms;

(d)the common criteria according to which bank account information is searchable through the single access point interconnecting the centralised automated mechanisms;

(e)the technical details on how the information is made available by means of the single access point interconnecting the centralised automated mechanisms, including the authentication of users through the use of electronic identification means and relevant trust services as set out in Regulation (EU) 910/2014;

(f)the technical conditions of availability of services provided by the single access point interconnecting the centralised automated mechanisms.

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 54(2).

3.When adopting the implementing acts referred to in paragraphs 1 and 2, the Commission shall take into account proven technology and existing practices. The Commission shall ensure that the single access point to be developed and operated does not incur costs above what is absolutely necessary in order to implement this Directive.

Section 3

Real estate registers

Article 16

Real estate registers

1.Member States shall provide competent authorities with access to information which allows the identification in a timely manner of any natural or legal person owning real estate, including through registers or electronic data retrieval systems where such registers or systems are available. Competent authorities shall also have access to information allowing the identification and analysis of transactions involving real estate, including their economic value and details of the natural or legal persons involved in those transactions including, where available, whether the natural or legal person owns, sells or acquires real estate on behalf of a legal arrangement.

FIUs shall be granted direct and immediate access to the information referred to in the first subparagraph.

2.By [3 months after the date of transposition of this Directive], Member States shall notify to the Commission the list of competent authorities that were granted access to the registers or systems referred to in paragraph 1 and the type of information available to them. Member States shall update such notification when changes to the list of competent authorities or to the extent of access to information granted occurs. The Commission shall make that information, including any change to it, available to the other Member States.

CHAPTER III

FIUs

Article 17

Establishment of FIUs

1.Each Member State shall establish an FIU in order to prevent, detect and effectively combat money laundering and terrorist financing.

2.The FIU shall be the single central national unit responsible for receiving and analysing suspicious transactions and other information relevant to money laundering, its predicate offences or terrorist financing submitted by obliged entities in accordance with Article 50 or reports submitted by obliged entities in accordance with Article 59(4), point (b), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and by customs authorities pursuant to Article 9 of Regulation (EU) 2018/1672.

3.The FIU shall be responsible for disseminating the results of its analyses and any additional relevant information to other competent authorities where there are grounds to suspect money laundering, its predicate offences or terrorist financing. It shall be able to obtain additional information from obliged entities.

The FIU's financial analysis function shall consist of the following:

(a)an operational analysis which focuses on individual cases and specific targets or on appropriate selected information, depending on the type and volume of the disclosures received and the expected use of the information after dissemination;

(b)a strategic analysis addressing money laundering and terrorist financing trends and patterns.

By [1 year after the date of transposition of this Directive], AMLA shall issue guidelines addressed to FIUs on the nature, features and objectives of operational and of strategic analysis.

4.Each FIU shall be operationally independent and autonomous, which means that it shall have the authority and capacity to carry out its functions freely, including the ability to take autonomous decisions to analyse, request and disseminate specific information. It shall be free from any undue political, government or industry influence or interference.

When a FIU is located within the existing structure of another authority, the FIU’s core functions shall be independent and operationally separated from the other functions of the host authority.

5.Member States shall provide their FIUs with adequate financial, human and technical resources in order to fulfil their tasks. FIUs shall be able to obtain and deploy the resources needed to carry out their functions. Their staff shall be of high integrity and appropriately skilled, and maintain high professional standards.

6.Member States shall ensure that FIUs have rules in place governing the security and confidentiality of information.

7.Each Member States shall ensure that its FIU is able to make arrangements or engage independently with other domestic competent authorities pursuant to Article 45 on the exchange of information.

Article 18

Access to information

1.Member States shall ensure that their FIUs have:

(a)immediate and, with the exception of point (ii), direct access to at least the following financial information:

(i) information contained in the national centralised automated mechanisms in accordance with Article 14;

(ii) information on wire transfers;

(iii) information from obliged entities;

(iv) information on mortgages and loans;

(v) information contained in the national currency and currency exchange databases;

(vi) information on securities;

(b)immediate and, with the exception of point (xiv), direct access to at least the following administrative information:

(i) fiscal data, including data held by tax and revenue authorities;

(ii) national real estate registers or electronic data retrieval systems and land and cadastral registers;

(ii) national citizenship and population registers of natural persons;

(iv) national passports and visas registers;

(v) cross-border travel databases;

(vi) commercial databases, including business and company registers and PEP databases;

(vii) national motor vehicles, aircraft and watercraft registers;

(viii) national social security registers;

(ix) customs data, including cross-border physical transfers of cash;

(x) national weapons and arms registers;

(xi) national beneficial ownership registers;

(xii) data available through the interconnection of beneficial ownership registers in accordance with Article 10(11).

(xiii) registers on non-profit organisations;

(xiv) information held by national financial supervisors and regulators, in accordance with Article 45 and Article 50(2);

(xv) databases storing data on CO2 emission trading established pursuant to Commission Regulation (EU) 389/2013 48 .

(xvi) information on annual financial statements by companies;

(xvii) national migration/immigration registers;

(xviii) information held by commercial courts;

(xix) information held in insolvency databases and by insolvency practitioners;

(c)direct or indirect access to the following law enforcement information:

(i) any type of information or data which is already held by competent authorities in the context of preventing, detecting, investigating or prosecuting criminal offences;

(ii) any type of information or data which is held by public authorities or by private entities in the context of preventing, detecting, investigating or prosecuting criminal offences and which is available to competent authorities without the taking of coercive measures under national law.

The information referred to in point (c) may include criminal records, information on investigations, information on the freezing or seizure of assets or on other investigative or provisional measures and information on convictions and on confiscations.

2.Where the information referred to in paragraph 1, points (a), (b) and (c), is not stored in databases or registers, Member States shall take the necessary measures to ensure that FIUs can obtain that information by other means.

3.In the cases where the FIUs are provided with indirect access to information, the requested authority shall respond to the request in a timely manner.

4.In the context of its functions, each FIU shall be able to request, obtain and use information from any obliged entity to perform its functions pursuant to Article 17(3), even if no prior report is filed pursuant to Article 50(1), point (a), or Article 51(1) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final]. Obliged entities shall not be obliged to comply with requests for information made pursuant to this paragraph when they concern information obtained in the situations referred to in Article 51(2) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final].

Article 19

Responses to requests for information

1.Member States shall ensure that FIUs respond in a timely manner to reasoned requests for information by other competent authorities in their respective Member State or Union authorities competent for investigating or prosecuting criminal activities when such requests for information are motivated by concerns relating to money laundering, its predicate offences or terrorist financing or when this information is necessary for the competent authority to perform its tasks under this Directive. The decision on conducting the dissemination of information shall remain with the FIU.

Where there are objective grounds for assuming that the provision of such information would have a negative impact on ongoing investigations or analyses, or, in exceptional circumstances, where disclosure of the information would be clearly disproportionate to the legitimate interests of a natural or legal person or irrelevant with regard to the purposes for which it has been requested, the FIU shall be under no obligation to comply with the request for information.

2.Competent authorities shall provide feedback to the FIU about the use made of the information provided in accordance with this Article. Such feedback shall be provided as soon as possible and in any case, at least on an annual basis, in such a way as to inform the FIU about the actions taken by the competent authorities on the basis of the information provided by the FIU and allow the FIU to execute its operational analysis function.

Article 20

Suspension or withholding of consent to a transaction and suspension of an account

1.Member States shall ensure that FIUs are empowered to take urgent action, directly or indirectly, where there is a suspicion that a transaction is related to money laundering or terrorist financing, to suspend or withhold consent to a transaction that is proceeding. Such suspension shall be imposed on the obliged entity within 48 hours of receiving the suspicious transaction report in order to analyse the transaction, confirm the suspicion and disseminate the results of the analysis to the competent authorities. Member States shall ensure that subject to national procedural safeguards, the transaction is suspended for a period of a maximum of 15 calendar days from the day of the imposition of such suspension to the obliged entity.

The FIU shall be empowered to impose such suspension, directly or indirectly, at the request of an FIU from another Member State for the periods and under the conditions specified in the national law of the FIU receiving the request.

2.Where there is a suspicion that several transactions involving a bank or payment account are related to money laundering or terrorist financing, Member States shall ensure that the FIU is empowered to take urgent action, directly or indirectly, to suspend the use of a bank or payment account in order to analyse the transactions performed through the account, confirm the suspicion and disseminate the results of the analysis to the competent authorities.

Such suspension shall be imposed on the obliged entity within 48 hours of receiving the suspicious transaction report and immediately notified to the competent judicial authority. Member States shall ensure that the use of that bank or payment account is suspended for a period of a maximum of 5 days from the day of the imposition of the suspension. Member States shall ensure that any extension of such suspension shall be authorized by the competent judicial authority.

3.Member States shall provide for the effective possibility for the person whose bank or payment account is affected to challenge the suspension before a court in accordance with procedures provided for in national law.

4.FIUs shall be empowered to impose the suspensions referred to in paragraphs 1 and 2, directly or indirectly, at the request of an FIU from another Member State under the conditions specified in the national law of the FIU receiving the request.

Article 21

Feedback by FIU

1.Each Member State shall ensure that its FIU issues a yearly report on its activities. The report shall contain statistics on:

(a)suspicious transaction reports submitted by obliged entities;

(b)disclosures by supervisors and beneficial ownership registers;

(c)disseminations to competent authorities;

(d)requests submitted to and received from other FIUs;

(e)data on cross-border physical transfers of cash submitted by customs authorities.

The report referred to in the first subparagraph shall also contain information on the trends and typologies identified in the files disseminated to other competent authorities.

FIUs shall disseminate the report to obliged entities. Such report shall be made public within four months of its dissemination, except for the elements of the report which contain classified information. The information contained therein shall not permit the identification of any natural or legal person.

2.Member States shall ensure that FIUs provide obliged entities with feedback on the reports of suspected money laundering or terrorist financing. Such feedback shall cover at least the quality of the information provided, the timeliness of reporting, the description of the suspicion and the documentation provided at submission stage.

The FIU shall provide such feedback at least once per year, whether provided to the individual obliged entity or to groups of obliged entities, taking into consideration the overall number of suspicious transactions reported by the obliged entities.

Such feedback shall also be made available to supervisors to allow them to perform risk-based supervision in accordance with Article 31.

The obligation to provide feedback shall not jeopardise any ongoing analytical work carried out by the FIU or any investigation or administrative action subsequent to the dissemination by the FIU, and shall not affect the applicability of data protection and confidentiality requirements.

3.Member States shall ensure that FIUs provide customs authorities with timely feedback on the effectiveness of and follow-up to the information submitted pursuant to Article 9 of Regulation (EU) 2018/1672.

Article 22

Cooperation between FIUs

Member States shall ensure that FIUs cooperate with each other and with their counterparts in third countries to the greatest extent possible, regardless of their organisational status.

Article 23

Protected channels of communication

1.A system for the exchange of information between FIUs of the Member States shall be set up (‘FIU.net’). The system shall ensure the secure communication and shall be capable of producing a written record under conditions that allow ascertaining authenticity. That system may also be used for communications with FIUs counterparts in third countries and with other authorities and Union bodies. FIU.net shall be managed by AMLA.

2.Member States shall ensure that any exchange of information pursuant to Article 24 is transmitted using the FIU.net. In the event of technical failure of the FIU.net, the information shall be transmitted by any other appropriate means ensuring a high level of data security.

Exchanges of information between FIUs and their counterparts in third countries shall also take place through protected channels of communication.

3.Member States shall ensure that, in order to fulfil their tasks as laid down in this Directive, their FIUs cooperate in the application of state-of-the-art technologies in accordance with their national law.

Article 24

Exchange of information between FIUs

1.Member States shall ensure that FIUs exchange, spontaneously or upon request, any information that may be relevant for the processing or analysis of information by the FIU related to money laundering, its predicate offences, or terrorist financing, and the natural or legal person involved, even if the type of predicate offences that may be involved is not identified at the time of the exchange.

A request shall contain the relevant facts, background information, reasons for the request and how the information sought will be used.

When an FIU receives a report pursuant to Article 50(1), the first subparagraph, point (a), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] which concerns another Member State, it shall promptly forward the report, or all the relevant information obtained from it, to the FIU of that Member State.

2.By [2 years after the date of entry into force of this Directive], AMLA shall develop draft implementing technical standards and submit them to the Commission for adoption. Those draft implementing technical standards shall specify the format to be used for the exchange of the information referred to in paragraph 1.

3.The Commission is empowered to adopt the implementing technical standards referred to in paragraph 2 of this Article in accordance with Article 42 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

4.By [1 year after the date of transposition of this Directive], AMLA shall issue guidelines addressed to FIUs on the relevant factors to be taken into consideration when determining whether a report pursuant to Article 50(1), the first subparagraph, point (a), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] concerns another Member State, the procedures to be put in place when forwarding and receiving that report, and the follow-up to be given.

5.Member States shall ensure that the FIU to whom the request is made is required to use the whole range of its available powers which it would normally use domestically for receiving and analysing information when it replies to a request for information referred to in paragraph 1 from another FIU.

When an FIU seeks to obtain additional information from an obliged entity established in another Member State which operates on the territory of its Member State, the request shall be addressed to the FIU of the Member State in whose territory the obliged entity is established. That FIU shall obtain information in accordance with Article 50(1) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and transfer the answers promptly.

6.Member States shall ensure that where an FIU is requested to provide information pursuant to paragraph 1, it shall respond to the request as soon as possible and in any case no later than seven days after the receipt of the request. In exceptional, duly justified cases, this time limit may be extended to a maximum of 14 calendar days. Where the requested FIU is unable to obtain the requested information, it shall inform the requesting FIU thereof.

7.Member States shall ensure that in exceptional, justified and urgent cases and, by way of derogation from paragraph 6, where pursuant to paragraph 1 an FIU is requested to provide information which is either held in a database or registry directly accessible by the requested FIU or which is already in its possession, the requested FIU shall provide that information no later than 24 hours after the receipt of the request.

If the requested FIU is unable to respond within 24 hours or cannot access the information directly, it shall provide a justification. Where the provision of the information requested within the period of 24 hours would put a disproportionate burden on the requested FIU, it may postpone the provision of the information. In that case the requested FIU shall immediately inform the requesting FIU of this postponement and shall provide the requested information as soon as possible, but not later than within three calendar days.

8.An FIU may refuse to exchange information only in exceptional circumstances where the exchange could be contrary to fundamental principles of its national law. Those exceptional circumstances shall be specified in a way which prevents misuse of, and undue limitations on, the free exchange of information for analytical purposes.

By [1 year after the date of transposition of this Directive], Member States shall notify to the Commission the exceptional circumstances referred to in the first subparagraph. Member States shall update such notifications where changes to the exceptional circumstances identified at national level occur.

Article 25

Joint analyses

1.Member States shall ensure that their FIUs are able to carry out joint analyses of suspicious transactions and activities.

2.For the purpose of paragraph 1, the relevant FIUs, assisted by AMLA in accordance with Article 33 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final], shall set up a joint analysis team for a specific purpose and limited period, which may be extended by mutual consent, to carry out operational analyses of suspicious transactions or activities involving one or more of the FIUs setting up the team.

3.A joint analysis team may be set up where:

(a)an FIU’s operational analyses require difficult and demanding analyses having links with other Member States;

(b)a number of FIUs are conducting operational analyses in which the circumstances of the case necessitate coordinated, concerted action in the Member States involved.

A request for the setting up of a joint analysis team may be made by any of the FIUs concerned.

4.Member States shall ensure that the member of their FIU allocated to the joint analysis team is able, in accordance with his or her national law and within the limits of his or her competence, to provide the team with information available to its FIU for the purpose of the analysis conducted by the team.

5.Where the joint analysis team needs assistance from an FIU other than those which are part of the team, it might request that other FIU to:

(a)join the joint analysis team;

(b)submit financial intelligence and financial information to the joint analysis team.

Article 26

Use by FIUs of information exchanged between them

Information and documents received pursuant to Articles 22 and 24 shall be used for the accomplishment of the FIU's tasks as laid down in this Directive. When exchanging information and documents pursuant to Articles 22 and 24, the transmitting FIU may impose restrictions and conditions for the use of that information. The receiving FIU shall comply with those restrictions and conditions.

Member States shall ensure that FIUs designate at least one contact person or point to be responsible for receiving requests for information from FIUs in other Member States.

Article 27

Consent to further dissemination of information exchanged between FIUs

1.Member States shall ensure that the information exchanged pursuant to Articles 22 and 24 is used only for the purpose for which it was sought or provided and that any dissemination of that information by the receiving FIU to any other authority, agency or department, or any use of this information for purposes beyond those originally approved, is made subject to the prior consent by the FIU providing the information.

2.Member States shall ensure that the requested FIU’s prior consent to disseminate the information to competent authorities is granted promptly and to the largest extent possible, regardless of the type of predicate offences. The requested FIU shall not refuse its consent to such dissemination unless this would fall beyond the scope of application of its AML/CFT provisions or could lead to impairment of an investigation, or would otherwise not be in accordance with fundamental principles of national law of that Member State. Any such refusal to grant consent shall be appropriately explained. The cases where FIUs may refuse to grant consent shall be specified in a way which prevents misuse of, and undue limitations to, the dissemination of information to competent authorities.

Article 28

Effect of criminal law provisions

Differences between national law definitions of predicate offences shall not impede the ability of FIUs to provide assistance to another FIU and shall not limit the exchange, dissemination and use of information pursuant to Articles 24, 26 and 27.

CHAPTER IV

ANTI-MONEY LAUNDERING SUPERVISION

Section 1

General provisions

Article 29

Powers and resources of national supervisors

1.Member States shall ensure that all obliged entities are subject to adequate supervision. To that end, Member States shall appoint supervisors to monitor effectively, and to take the measures necessary to ensure, compliance by the obliged entities with the requirements set out in Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and with the requirement to implement targeted financial sanctions.

2.Member States shall ensure that supervisors have adequate financial, human and technical resources to perform their tasks as listed in paragraph 4. Member States shall ensure that staff of those authorities are of high integrity and appropriately skilled, and maintain high professional standards, including standards of confidentiality, data protection and standards addressing conflicts of interest.

3.In the case of the obliged entities referred to in Article 3, points (3)(a), (b) and (d), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], Member States may allow the function referred to in paragraph 1 of this Article to be performed by self-regulatory bodies, provided that those self-regulatory bodies have the powers referred to in paragraph 5 of this Article and have adequate financial, human and technical resources to perform their functions. Member States shall ensure that staff of those bodies are of high integrity and appropriately skilled, and that they maintain high professional standards, including standards of confidentiality, data protection and standards addressing conflicts of interest.

4.For the purposes of paragraph 1, Member States shall ensure that the national supervisors perform the following tasks:

(a)to disseminate relevant information to obliged entities pursuant to Article 30;

(b)to decide of those cases where the specific risks inherent in a sector are clear and understood and individual documented risk assessments pursuant to Article 8 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] are not required;

(c)to verify the adequacy and implementation of the internal policies, controls and procedures of obliged entities pursuant to Chapter II of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and of the human resources allocated to the performance of the tasks required under that Regulation;

(d)to regularly assess and monitor the money laundering and terrorist financing risks the obliged entities are exposed to;

(e)to monitor compliance by obliged entities with regard to their obligations in relation to targeted financial sanctions;

(f)to conduct all the necessary off-site, on-site and thematic investigations and any other inquiries, assessments and analyses necessary to verify that obliged entities comply with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], with the requirement to implement targeted financial sanctions, and with any administrative measures taken pursuant to Article 41;

(g)to take appropriate supervisory measures to address any breaches of applicable requirements by the obliged entities identified in the process of supervisory assessments and follow up on the implementation of such measures.

5.Member States shall ensure that supervisors have adequate powers to perform their tasks as provided in paragraph 4, including the power to:

(a)compel the production of any information from obliged entities which is relevant for monitoring and verifying compliance with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and to perform checks, including from agents or external service providers to whom the obliged entity has outsourced part of its tasks to meet the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final];

(b)impose appropriate and proportionate administrative measures to remedy the situation in the case of breaches, including through the imposition of administrative sanctions in accordance with Section 4 of this Chapter.

6.Member States shall ensure that financial supervisors and supervisors in charge of gambling operators have powers additional to those referred to in paragraph 5, including the power to investigate the business premises of the obliged entity without prior announcement where the proper conduct and efficiency of inspection so require, and that they have all the necessary means to carry out such investigation.

For the purposes of the first subparagraph, the supervisors shall at least be able to:

(a)examine the books and records of the obliged entity and take copies or extracts from such books and records;

(b)obtain access to any software, databases, IT tools or other electronic means of recording information used by the obliged entity;

(c)obtain written or oral explanations from any person responsible for AML/CFT internal policies and controls or their representatives or staff, as well as any representative or staff of entities to which the obliged entity has outsourced tasks pursuant to Article 40 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], and interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject matter of an investigation.

Article 30

Provision of information to obliged entities

1.Member States shall ensure that supervisors make information on money laundering and terrorist financing available to the obliged entities under their supervision.

2.The information referred to in paragraph 1 shall include the following:

(a)the supra-national risk assessment drawn up by the Commission pursuant to Article 7 and any relevant recommendation by the Commission on the basis of that Article;

(b)national or sectoral risk assessments drawn up pursuant to Article 8;

(c)relevant guidelines, recommendations and opinions issued by AMLA in accordance with Articles 43 and 44 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final];

(d)information on third countries identified pursuant to Section 2 of Chapter III of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final];

(e)any guidance and report produced by AMLA and other supervisors and, where relevant, the public authority overseeing self-regulatory bodies, the FIU or any other competent authority or international organisations and standard setters regarding money laundering and terrorist financing methods which might apply to a sector and indications which may facilitate the identification of transactions or activities at risk of being linked to money laundering and terrorist financing in that sector, as well as on obliged entities’ obligations in relation to targeted financial sanctions.

3.Member States shall ensure that supervisors make information on persons or entities designated in relation to targeted financial sanctions available to the obliged entities under their supervision immediately.

Article 31

Risk-based supervision

1.Member States shall ensure that supervisors apply a risk-based approach to supervision. To that end, Member States shall ensure that they:

(a) have a clear understanding of the risks of money laundering and terrorist financing present in their Member State;

(b) assess all relevant information on the specific domestic and international risks associated with customers, products and services of the obliged entities;

(c) base the frequency and intensity of on-site, off-site and thematic supervision on the risk profile of obliged entities, and on the risks of money laundering and terrorist financing in that Member State. To that end, supervisors shall draw up annual supervisory programmes.

2.By [2 years after the date of entry into force of this Directive], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall set out the benchmarks and a methodology for assessing and classifying the inherent and residual risk profile of obliged entities, as well as the frequency at which such risk profile shall be reviewed. Such frequency shall take into account any major events or developments in the management and operations of the obliged entity, as well as the nature and size of the business.

3.The Commission is empowered to supplement this Directive by adopting the regulatory technical standards referred to in paragraph 2 of this Article in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

4.By [1 year after the date of transposition of this Directive], AMLA shall issue guidelines addressed to supervisors on the characteristics of a risk-based approach to supervision and the steps to be taken when conducting supervision on a risk-sensitive basis.

5.Member States shall ensure that supervisors take into account the degree of discretion allowed to the obliged entity, and appropriately review the risk assessments underlying this discretion, and the adequacy of its policies, internal controls and procedures.

6.Member States shall ensure that the results of the risk assessments performed by supervisors pursuant to this Article are made available in aggregated form to the FIU.

Article 32

Disclosure to FIUs

1.Member States shall ensure that if, in the course of the checks carried out on the obliged entities, or in any other way, supervisors discover facts that could be related to money laundering or to terrorist financing, they shall promptly inform the FIU.

2.Member States shall ensure that supervisors empowered to oversee the stock, foreign exchange and financial derivatives markets, inform the FIU if they discover facts that could be related to money laundering or terrorist financing.

Article 33

Supervision of obliged entities operating under the freedom of establishment and freedom to provide services

1.Member States shall ensure that supervisors cooperate with each other to the greatest extent possible, regardless of their respective nature or status. Such cooperation may include conducting, within the powers of the requested supervisor, inquiries on behalf of a requesting supervisor, and the subsequent exchange of the information obtained through such inquiries.

2.In addition to Article 5, obliged entities wishing to exercise the freedom to provide services by carrying out activities within the territory of another Member State for the first time shall notify the supervisors of the home Member State of the activities which they intend to carry out. Such notification shall also be required where provision of cross-border services is carried out by agents of the obliged entity.

3.The supervisors of the home Member State shall, within one month of receipt of the notification provided for in paragraph 2, transmit that notification to the supervisors of the host Member State.

4.In the cases covered by paragraph 2 of this Article and Article 5, supervisors of the host Member State shall cooperate with supervisors of the home Member State and lend assistance to ensure the verification of compliance by the obliged entity with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and of Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final] and to take appropriate and proportionate measures to address breaches.

In the cases covered by Article 5, the supervisors of the host Member State shall be allowed at their own initiative to take appropriate and proportionate measures to address serious failings that require immediate remedies. Those measures shall be temporary and be terminated when the failings identified are addressed, including with the assistance of or in cooperation with the supervisors of the home Member State of the obliged entity.

5.Where the supervisors of the home and host Member State disagree on the measures to be taken in relation to an obliged entity, they may refer the matter to AMLA and request its assistance in accordance with Articles 5 and 10 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final]. AMLA shall provide its advice on the matter of disagreement within one month.

Article 34

Provisions related to cooperation in the context of group supervision

1.In the case of credit and financial institutions that are part of a group, Member States shall ensure that, for the purposes laid down in Article 29(1), financial supervisors of the home Member State and those of the host Member State cooperate with each other to the greatest extent possible, regardless of their respective nature or status. They shall also cooperate with AMLA when it exercises supervisory functions in accordance with Article 5(2) of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

2.Except where AMLA exercises supervisory functions in accordance with Article 5(2) of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final], Member States shall ensure that the financial supervisors of the home Member State supervise the effective implementation of the group-wide policies, controls and procedures referred to in Article 13 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final]. Member States shall also ensure that financial supervisors of the host Member State supervise the compliance of the establishments located in the territory of its Member State with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final].

3.For the purposes of this Article, and except in cases where AML/CFT supervisory colleges are established in accordance with Article 36, Member States shall ensure that financial supervisors provide one another with any information they require for the exercise of their supervisory tasks, whether on request or on their own initiative. In particular, financial supervisors shall exchange any information that could significantly influence the assessment of the inherent or residual risk exposure of a credit or financial institution in another Member State, including:

(a)identification of the group's legal, governance and organisational structure, covering all subsidiaries and branches;

(b)internal controls, policies and procedures in place within the group;

(c)adverse developments in relation to the parent undertaking, subsidiaries or branches, which could seriously affect other parts of the group;

(d)administrative measures and sanctions taken by financial supervisors in accordance with Section 4 of this Chapter.

Member States shall also ensure that financial supervisors are able to conduct, within their powers, inquiries on behalf of a requesting supervisor, and to share the information obtained through such inquiries.

4.By [2 years after the date of entry into force of this Directive], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall detail the respective duties of the home and host supervisors, and the modalities of cooperation between them.

The Commission is empowered to supplement this Directive by adopting the regulatory technical standards referred to in the first sub-paragraph in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

5.Financial supervisors may refer to AMLA any of the following situations:

(a)where a financial supervisor has not communicated the information referred to in paragraph 3;

(b)where a request for cooperation has been rejected or has not been acted upon within a reasonable time.

AMLA may act in accordance with the powers conferred on it under Articles 5 and 10 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final]. When doing so, AMLA shall provide its opinion on the subject-matter of the request within one month.

6.Member States shall ensure that the provisions of this Article also apply to the supervision of groups of obliged entities other than credit or financial institutions. Member States shall also ensure that in cases where obliged entities other than credit and financial institutions are part of structures which share common ownership, management or compliance control, including networks or partnerships, cooperation and exchange of information between supervisors is facilitated.

Article 35

Exchange of information in relation to implementation of group policies in third countries

Supervisors, including AMLA, shall inform each other of instances in which the law of a third country does not permit the implementation of the policies, controls and procedures required under Article 13 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final]. In such cases, coordinated actions may be taken by supervisors to pursue a solution. In assessing which third countries do not permit the implementation of the policies, controls and procedures required under Article 13 of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], supervisors shall take into account any legal constraints that may hinder proper implementation of those policies and procedures, including professional secrecy, an insufficient level of data protection and other constraints limiting the exchange of information that may be relevant for that purpose.

Section 2

Specific provisions applicable to the financial sector

Article 36

AML/CFT supervisory colleges

1.Member States shall ensure that dedicated AML/CFT supervisory colleges are established in any of the following situations:

(a)where a credit or financial institution has set up establishments in at least two different Member States other than the Member State where its head office is situated;

(b)where a third-country credit or financial institution has set up establishments in at least three Member States.

2. For the purposes of paragraph 1, Member States shall ensure that financial supervisors identify:

(a)all credit and financial institutions operating on a cross-border basis that have been authorised in their Member State;

(b)all establishments set up by those institutions in other jurisdictions;

(c)establishments set up in their territory by credit and financial institutions from other Member States or third countries.

3. Members States may allow the establishment of AML/CFT supervisory colleges when a credit or financial institution established in the Union has set up establishments in at least two third countries. Financial supervisors may invite their counterparts in those third countries to set up such college. The financial supervisors participating in the college shall establish a written agreement detailing the conditions and procedures of the cooperation and exchange of information.

4. Such colleges may be used for exchanging information, providing mutual assistance or coordinating the supervisory approach to the institution, including, where relevant, the taking of appropriate and proportionate measures to address serious breaches of the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] that are detected across the establishments set up by the institution in the jurisdiction of a supervisor participating in the college.

5. AMLA shall attend the meetings of the AML/CFT supervisory colleges and shall facilitate their work in accordance with Article 29 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

6. By [2 year after the date of entry into force of this Directive], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify the general conditions for the functioning of the AML/CFT supervisory colleges, including the terms of cooperation between participants, and the operational functioning of such colleges.

The Commission is empowered to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

Article 37

Cooperation with financial supervisors in third countries

1. Member States may authorise financial supervisors to conclude cooperation agreements providing for collaboration and exchanges of confidential information with their counterparts in third countries. Such cooperation agreements shall comply with applicable data protection rules for data transfers and be concluded on the basis of reciprocity and only if the information disclosed is subject to a guarantee of professional secrecy requirements at least equivalent to that referred to in Article 50(1). Confidential information exchanged in accordance with those cooperation agreements shall be used for the purpose of performing the supervisory tasks of those authorities only.

Where the information exchanged originates in another Member State, it shall only be disclosed with the explicit consent of the financial supervisor which shared it and, where appropriate, solely for the purposes for which that supervisor gave its consent.

2. For the purposes of paragraph 1, AMLA may lend such assistance as may be necessary to assess the equivalence of professional secrecy requirements applicable to the third country counterpart.

3. Member States shall ensure that financial supervisors notify any agreement signed pursuant to this Article to AMLA within one month of its signature.

Section 3

Specific provisions relating to self-regulatory bodies

Article 38

Oversight of self-regulatory bodies

1. Where Member States decide, pursuant to Article 29(3), to allow self-regulatory bodies to perform supervision of the entities referred to in Article 3, points (3)(a), (b) and (d), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], they shall ensure that the activities of such self-regulatory bodies in the performance of such functions are subject to oversight by a public authority.

2. The authority overseeing self-regulatory bodies shall be responsible for:

(a)verifying that any self-regulatory body performing the functions or aspiring to perform the functions referred to in Article 29(1) satisfies the requirements of paragraph 3 of that Article;

(b)issuing guidance as regards the performance of the functions referred to in Article 29(1);

(c)ensuring that self-regulatory bodies perform their functions under Section 1 of this Chapter to the highest standards;

(d)reviewing the exemptions granted by self-regulatory bodies from the obligation to draw up an individual documented risk assessment pursuant to Article 29(4), point (b).

3.Member States shall ensure that the authority overseeing self-regulatory bodies is granted adequate powers to discharge its responsibilities under paragraph 2. As a minimum, Member States shall ensure that the authority has the power to:

(a)compel the production of any information that is relevant to monitoring compliance and performing checks, except for any information collected by obliged entities referred to in Article 3, points (3)(a), (b) and (d), of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] in the course of ascertaining the legal position of their client, or for performing the task of defending or representing that client in, or concerning, judicial proceedings, including providing advice on instituting or avoiding such proceedings; whether such information was collected before, during or after such proceedings;

(b)issue instructions to a self-regulatory body for the purpose of remedying a failure to perform its functions under Article 29(1) or to comply with the requirements of paragraph 6 of that Article, or to prevent any such failures. When issuing such instructions, the authority shall consider any relevant guidance it provided or that has been provided by AMLA.

4. Member States shall ensure that the authority overseeing self-regulatory bodies informs the authorities competent for investigating and prosecuting criminal activities timely, directly or through the FIU, of any breaches which are subject to criminal sanctions that it detects in the performance of its tasks.

5. The authority overseeing self-regulatory bodies shall publish an annual report containing information about:

(a)the number and nature of breaches detected by each self-regulatory body and the administrative measures or sanctions imposed on obliged entities;

(b)the number of suspicious transactions reported by the entities subject to supervision by each self-regulatory body to the FIU, whether submitted directly pursuant to Article 50(1) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], or forwarded by each self-regulatory body to the FIU pursuant to Article 51(1) of that Regulation;

(c)the number and description of measures taken under Article 40 by each self-regulatory body to monitor compliance by obliged entities with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] referred to in Article 40(1);

(d)the number and description of measures taken by the authority overseeing self-regulatory bodies under this Article and the number of instructions issued to self-regulatory bodies.

Such report shall be made available on the website of the authority overseeing self-regulatory bodies and submitted to the Commission and AMLA.

Section 4

Administrative sanctions and measures

Article 39

General provisions

1. Member States shall ensure that obliged entities can be held liable for breaches of the Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] in accordance with this Section.

2. Without prejudice to the right of Member States to provide for and impose criminal sanctions, Member States shall lay down rules on administrative sanctions and measures and ensure that supervisors may impose such sanctions and measures with respect to breaches of this Directive, and shall ensure that they are applied. Any resulting sanction or measure imposed pursuant to this Section shall be effective, proportionate and dissuasive.

3. In the event of a breach of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], Member States shall ensure that where obligations apply to legal persons, administrative sanctions and measures can be applied to the senior management and to other natural persons who under national law are responsible for the breach.

Member States shall ensure that where supervisors identify breaches which are subject to criminal sanctions, they inform the authorities competent for investigating and prosecuting criminal activities in a timely manner.

4. Supervisors shall exercise their powers to impose administrative sanctions and measures in accordance with this Directive and with national law, in any of the following ways:

(a)directly;

(b)in collaboration with other authorities;

(c)under their responsibility by delegation to such other authorities;

(d)by application to the competent judicial authorities.

By [3 months after the deadline for transposition of this Directive], Member States shall notify to the Commission and AMLA the information as regards the arrangements relating to the imposition of administrative sanctions or measures pursuant to this paragraph, including, where relevant, information whether certain sanctions or measures require the recourse to a specific procedure.

5.Member States shall ensure that, when determining the type and level of administrative sanctions or measures, supervisors take into account all relevant circumstances, including where applicable:

(a)the gravity and the duration of the breach;

(b)the degree of responsibility of the natural or legal person held responsible;

(c)the financial strength of the natural or legal person held responsible, including in light of its total turnover or annual income;

(d)the benefit derived from the breach by the natural or legal person held responsible, insofar as it can be determined;

(e)the losses to third parties caused by the breach, insofar as they can be determined;

(f)the level of cooperation of the natural or legal person held responsible with the competent authority;

(g)previous breaches by the natural or legal person held responsible.

6. In the exercise of their powers to impose administrative sanctions and measures, supervisors shall cooperate closely in order to ensure that those administrative sanctions or measures produce the desired results and coordinate their action when dealing with cross-border cases.

7. By [2 years after the date of entry into force of this Directive], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall define indicators to classify the level of gravity of breaches and criteria to be taken into account when setting the level of administrative sanctions or taking administrative measures pursuant to this Section.

The Commission is empowered to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

Article 40

Administrative sanctions

1. Member States shall ensure that administrative sanctions are applied to obliged entities for serious, repeated or systematic breaches of the requirements laid down in the following provisions of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final]:

(a)Chapter III (customer due diligence);

(b)Chapter V (reporting obligations);

(c)Article 56 (record-retention);

(d)Section 1 of Chapter II (internal controls).

2. Member States shall ensure that in the cases referred to in paragraph 1, the maximum pecuniary sanctions that can be applied amount at least to twice the amount of the benefit derived from the breach where that benefit can be determined, or at least EUR 1 000 000.

3. Member States shall ensure that, by way of derogation from paragraph 2, where the obliged entity concerned is a credit institution or financial institution, the following sanctions can also be applied:

(a)in the case of a legal person, maximum administrative pecuniary sanctions of at least EUR 10 000 000 or 10 % of the total annual turnover according to the latest available accounts approved by the management body; where the obliged entity is a parent undertaking or a subsidiary of a parent undertaking which is required to prepare consolidated financial accounts in accordance with Article 22 of Directive 2013/34/EU of the European Parliament and of the Council 49 , the relevant total annual turnover shall be the total annual turnover or the corresponding type of income in accordance with the relevant accounting regime according to the last available consolidated accounts approved by the management body of the ultimate parent undertaking;

(b)in the case of a natural person, maximum administrative pecuniary sanctions of at least EUR 5 000 000 or, in the Member States whose currency is not the euro, the corresponding value in the national currency on [please insert the date of entry into force of this Directive].

4. Member States may empower competent authorities to impose administrative pecuniary sanctions exceeding the amounts referred to in paragraphs 2 and 3.

Article 41

Administrative measures other than sanctions

1. When supervisors identify breaches of requirements of the Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] which are not deemed sufficiently serious to be punished with an administrative sanction, they may decide to impose administrative measures on the obliged entity. Member States shall ensure that the supervisors are able at least to:

(a)issue recommendations;

(b)order obliged entities to comply, including to implement specific corrective measures;

(c)issue a public statement which identifies the natural or legal person and the nature of the breach;

(d)issue an order requiring the natural or legal person to cease the conduct and to desist from repetition of that conduct;

(e)where an obliged entity is subject to an authorisation, withdraw or suspend the authorisation;

(f)impose a temporary ban against any person discharging managerial responsibilities in an obliged entity, or any other natural person, held responsible for the breach, from exercising managerial functions in obliged entities.

2. When taking the administrative measures referred to in paragraph 1, supervisors shall be able to:

(a)request an ad-hoc or regular submission of any document necessary for the performance of their tasks, including those to justify the process of implementation of the requested administrative measures;

(b)require the reinforcement of the arrangements, processes, mechanisms and strategies;

(c)require the obliged entity to apply a specific policy or requirements relating to individual clients, transactions or activities that pose high risks;

(d)require the implementation of measures to bring about the reduction of the money laundering or terrorist financing risks inherent in the activities and products of the obliged entity.

3. The administrative measures referred to in paragraph 1 shall be accompanied by a binding deadline for their effective implementation. Member States shall ensure that supervisors follow up and assess the effective implementation by the obliged entity of the actions requested.

4. Member States may empower supervisors to impose additional types of administrative measures to those referred to in paragraph 1.

Article 42

Publication of administrative sanctions and measures

1. Member States shall ensure that a decision imposing an administrative sanction or measure for breach of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] against which there is no appeal shall be published by the supervisors on their official website immediately after the person sanctioned is informed of that decision. The publication shall include at least information on the type and nature of the breach and the identity of the persons responsible. Member States shall not be obliged to apply this subparagraph to decisions imposing measures that are of an investigatory nature.

Where the publication of the identity of the persons responsible as referred to in the first subparagraph or the personal data of such persons is considered by the supervisors to be disproportionate following a case-by-case assessment, or where publication jeopardises the stability of financial markets or an on-going investigation, supervisors shall:

(a)delay the publication of the decision to impose an administrative sanction or measure until the moment at which the reasons for not publishing it cease to exist;

(b)publish the decision to impose an administrative sanction or measure on an anonymous basis in a manner in accordance with national law, if such anonymous publication ensures an effective protection of the personal data concerned; in that case, the publication of the relevant data may be postponed for a reasonable period of time if it is provided that within that period the reasons for anonymous publication shall cease to exist;

(c)not publish the decision to impose an administrative sanction or measure at all in the event that the options set out in points (a) and (b) are considered insufficient to ensure one of the following:

(i) that the stability of financial markets would not be put in jeopardy;

(ii) the proportionality of the publication of the decision with regard to measures which are deemed to be of a minor nature.

2. Where Member States permit publication of decisions against which there is an appeal, supervisors shall also publish, immediately, on their official website such information and any subsequent information on the outcome of such appeal. Moreover, any decision annulling a previous decision to impose an administrative sanction or a measure shall also be published.

3. Supervisors shall ensure that any publication in accordance with this Article shall remain on their official website for a period of five years after its publication. However, personal data contained in the publication shall only be kept on the official website of the competent authority for the period which is necessary in accordance with the applicable data protection rules and in any case for no more than 5 years.

4. Member States shall ensure that legal persons can be held liable for the breaches referred to in Article 40(1) committed for their benefit by any person, acting individually or as part of an organ of that legal person, and having a leading position within the legal person based on any of the following:

(a)power to represent the legal person;

(b)authority to take decisions on behalf of the legal person;

(c)authority to exercise control within the legal person.

5. Member States shall ensure that legal persons can be held liable where the lack of supervision or control by the persons referred to in paragraph 4 of this Article has made possible the commission, by a person under their authority, of the breaches referred to in Article 40(1) for the benefit of that legal person.

Article 43

Whistle-blower protection

1. Member States shall ensure that supervisory authorities, as well as, where applicable, self-regulatory bodies, establish effective and reliable mechanisms to encourage the reporting of potential and actual breaches of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final].

For that purpose, they shall provide one or more secure communication channels for the reporting referred to in the first subparagraph. Such channels shall ensure that the identity of persons providing information is known only to the supervisory authority, or, where applicable, self-regulatory body.

2. The mechanisms referred to in paragraph 1 shall include at least:

(a)specific procedures for the receipt of reports on breaches and their follow-up;

(b)appropriate protection for employees or persons in a comparable position, of obliged entities who report breaches committed within the obliged entity;

(c)appropriate protection for the accused person;

(d)protection of personal data concerning both the person who reports the breaches and the natural person who is allegedly responsible for a breach, in compliance with the principles laid down in Regulation (EU) 2016/679;

(e)clear rules that ensure that confidentiality is guaranteed in all cases in relation to the person who reports the breaches committed within the obliged entity, unless disclosure is required by national law in the context of further investigations or subsequent judicial proceedings.

3. Member States shall ensure that individuals, including employees and representatives of the obliged entity who report potential or actual breaches of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] internally or to the FIU, are legally protected from being exposed to threats, retaliatory or hostile action, and in particular from adverse or discriminatory employment actions.

Member States shall ensure that individuals who are exposed to threats, hostile actions, or adverse or discriminatory employment actions for reporting potential or actual breaches of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] internally or to the FIU are entitled to present a complaint in a safe manner to the respective competent authorities. Without prejudice to the confidentiality of information gathered by the FIU, Member States shall also ensure that such individuals have the right to effective remedy to safeguard their rights under this paragraph.

Article 44

Exchange of information on sanctions

1. Member States shall ensure that their supervisors and, where relevant, the national authority overseeing self-regulatory bodies in their performance of supervisory functions inform AMLA of all administrative sanctions and measures imposed in accordance with this Section, including of any appeal in relation thereto and the outcome thereof. Such information shall also be shared with other supervisors when the administrative sanction or measure concerns an entity operating in two or more Member States.

2. AMLA shall maintain on its website links to each supervisor's publication of administrative sanctions and measures imposed in accordance with Article 42, and shall show the time period for which each Member State publishes administrative sanctions and measures.

CHAPTER V

COOPERATION

Section 1

AML/CFT cooperation

Article 45

General provisions

1. Member States shall ensure that policy makers, the FIUs, supervisors, including AMLA, and other competent authorities, as well as tax authorities have effective mechanisms to enable them to cooperate and coordinate domestically concerning the development and implementation of policies and activities to combat money laundering and terrorist financing and to prevent the non-implementation and evasion of proliferation financing-related targeted financial sanctions, including with a view to fulfilling their obligations under Article 8.

2. With regard to beneficial ownership information obtained by competent authorities pursuant to Chapter IV of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and Section I of Chapter II of this Directive, Member States shall ensure that competent authorities are able to provide such information to the competent authorities of other Member States or third countries in a timely manner and free of charge.

3. Member States shall not prohibit or place unreasonable or unduly restrictive conditions on the exchange of information or assistance between competent authorities for the purposes of this Directive. Member States shall ensure that competent authorities do not refuse a request for assistance on the grounds that:

(a)the request is also considered to involve tax matters;

(b)national law requires obliged entities to maintain secrecy or confidentiality, except in those cases where the relevant information that is sought is protected by legal privilege or where legal professional secrecy applies, as provided for in Article 51(2) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final];

(c)there is an inquiry, investigation or proceeding underway in the requested Member State, unless the assistance would impede that inquiry, investigation or proceeding;

(d)the nature or status of the requesting counterpart competent authority is different from that of requested competent authority.

Article 46

Communication of the list of the competent authorities

1. In order to facilitate and promote effective cooperation, and in particular the exchange of information, Member States shall communicate to the Commission and AMLA:

(a)the list of supervisors responsible for overseeing the compliance of the obliged entities with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], as well as, where relevant, name of the public authority overseeing self-regulatory bodies in their performance of supervisory functions under this Directive, and their contact details;

(b)the contact details of their FIU;

(c)the list of other competent national authorities.

2. For the purposes of paragraph 1, the following contact details shall be provided:

(a)the name and role of the contact person;

(b)the professional email address and phone number of the contact person.

3. Member States shall ensure that the information provided to the Commission and AMLA pursuant to paragraph 1 is updated as soon as a change takes place.

4. AMLA shall publish a register of the authorities referred to in paragraph 1 on its website and facilitate the exchange of information referred to in paragraph 2 between competent authorities. The authorities in the register shall, within the scope of their powers, serve as a contact point for the counterpart competent authorities. FIUs and supervisory authorities shall also serve as a contact point for AMLA.

Article 47

Cooperation with AMLA

FIU and supervisory authorities shall cooperate with AMLA and shall provide it with all the information necessary to allow it to carry out its duties under this Directive, under Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and under Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

Section 2

Cooperation with other authorities and exchange of confidential information

Article 48

Cooperation in relation to credit institutions

1. Member States shall ensure that financial supervisors, FIUs and authorities competent for the supervision of credit institutions under other legal acts cooperate closely with each other within their respective competences and provide each other with information relevant for the performance of their respective tasks. Such cooperation and information exchange shall not impinge on an ongoing inquiry, investigation or proceedings in accordance with the criminal or administrative law of the Member State where the financial supervisor or authority entrusted with competences for the supervision of credit institutions under other legal acts is located and shall not affect obligations of professional secrecy as provided in Article 50(1).

2. Member States shall ensure that, where financial supervisors identify weaknesses in the AML/CFT internal control system and application of the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] of a credit institution which materially increase the risks to which the institution is or might be exposed, the financial supervisor immediately notifies the European Banking Authority (EBA) and the authority or body that supervises the credit institution in accordance with Directive (EU) 2013/36, including the ECB acting in accordance with Council Regulation (EU) 1024/2013 50 .

In the event of potential increased risk, financial supervisors shall be able to liaise with the authorities supervising the institution in accordance with Directive (EU) 2013/36 and draw up a common assessment to be notified to EBA. AMLA shall be kept informed of any such notifications.

3. Member States shall ensure that, where financial supervisors find that a credit institution has refused to enter into a business relationship but the documented customer due diligence pursuant to Article 17(2) does not justify such refusal, they shall inform the authority responsible for ensuring compliance by that institution with Directive (EU) 2014/92 or Directive (EU) 2015/2366.

4. Member States shall ensure that financial supervisors cooperate with resolution authorities as defined in Article 3(18) of Directive 2014/59/EU or designated authorities as defined in Article 2(1)(18) of Directive 2014/49/EU. Financial supervisors shall inform such authorities of the outcome of the customer due diligence measures applied pursuant to Chapter III of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] and of any account that has been suspended by the FIU pursuant to Article 20.

5. Financial supervisors and FIUs shall report on a yearly basis to AMLA on their cooperation with other authorities pursuant to this Article.

6. By [2 years after the date of transposition of this Directive], AMLA shall, in consultation with EBA, issue guidelines on cooperation between financial supervisors and the authorities referred to in paragraphs 2, 3 and 4, including on the level of involvement of FIUs in such cooperation.

Article 49

Cooperation in relation to auditors

1. Member States shall ensure that supervisors in charge of auditors and, where relevant, public authorities overseeing self-regulatory bodies pursuant to Chapter IV of this Directive, their FIU and the public authorities competent for overseeing statutory auditors and audit firms pursuant to Article 32 of Directive 2006/43/EC of the European Parliament and of the Council 51 and Article 20 of Regulation (EU) 537/2014 of the European Parliament and of the Council 52 cooperate closely with each other within their respective competences and provide each other with information relevant for the performance of their respective tasks.

Confidential information exchanged pursuant to this Article shall be used by the authorities referred to in the first subparagraph solely for the exercise of their functions within the scope of this Directive or the other Union acts referred to in the first subparagraph and in the context of administrative or judicial proceedings specifically related to the exercise of those functions.

2. Member States may prohibit the authorities referred to in paragraph 1 from cooperating when such cooperation, including the exchange of information, would impinge on an ongoing inquiry, investigation or proceedings in accordance with the criminal or administrative law of the Member State where the authorities are located.

Article 50

Exchange of information in relation to credit and financial institutions among entities bound by professional secrecy

1.Member States shall require that all persons working for or who have worked for financial supervisors and auditors or experts acting on behalf of financial supervisors be bound by the obligation of professional secrecy.

Without prejudice to cases covered by criminal investigations and prosecutions under Member States and Union law and information provided to the FIU pursuant to Article 32, confidential information which the persons referred to in the first subparagraph receive in the course of their duties under this Directive may be disclosed only in summary or aggregate form, in such a way that individual credit and financial institutions cannot be identified.

2. Paragraph 1 shall not prevent the exchange of information between:

(a)financial supervisors, whether within a Member State or in different Member States, including AMLA when acting in accordance with Article 5(2) of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final];

(b)financial supervisors and FIUs;

(c)financial supervisors and competent authorities in charge of credit and financial institutions in accordance with other legislative acts relating to the supervision of credit and financial institutions, including the ECB acting in accordance with Regulation (EU) 1024/2013, whether within a Member State or in different Member States.

For the purposes of the first subparagraph, point (c), the exchange of information shall be subject to the professional secrecy requirements provided for in paragraph 1.

3. Any authority that receives confidential information pursuant to paragraph 2 shall only use this information:

(a)in the discharge of its duties under this Directive or under other legislative acts in the field of AML/CFT, of prudential regulation and supervision of credit and financial institutions, including sanctioning;

(b)in an appeal against a decision of the authority, including court proceedings;

(c)in court proceedings initiated pursuant to special provisions provided for in Union law adopted in the field of this Directive or in the field of prudential regulation and supervision of credit and financial institutions.

Article 51

Exchange of information among supervisors and with other authorities

1. With the exception of cases covered by Article 51(2) of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], Member States shall authorise the exchange of information between:

(a)supervisors and the public authorities overseeing self-regulatory bodies pursuant to Chapter IV of this Directive, whether in the same Member State or in different Member States;

(b)supervisors and the authorities responsible by law for the supervision of financial markets in the discharge of their respective supervisory functions;

(c)supervisors in charge of auditors and, where relevant, public authorities overseeing self-regulatory bodies pursuant to Chapter IV of this Directive, and the public authorities competent for overseeing statutory auditors and audit firms pursuant to Article 32 of Directive 2006/43/EC and Article 20 of Regulation (EU) 537/2014, including authorities in different Member States.

The professional secrecy requirements laid down in Article 50(1) and (3) shall not prevent such exchange of information.

Confidential information exchanged pursuant to this paragraph shall only be used in the discharge of the duties of the authorities concerned, and in the context of administrative or judicial proceedings specifically related to the exercise of those functions. The information received shall in any event be subject to professional secrecy requirements at least equivalent to those referred to in Article 50(1).

2. Member States may authorise the disclosure of certain information to other national authorities responsible by law for the supervision of the financial markets, or with designated responsibilities in the field of combating or investigating money laundering, its predicate offences or terrorist financing. The professional secrecy requirements laid down Article 50(1) and (3) shall not prevent such disclosure.

However, confidential information exchanged pursuant to this paragraph shall only be used for the purpose of performing the legal tasks of the authorities concerned. Persons having access to such information shall be subject to professional secrecy requirements at least equivalent to those referred to in Article 50(1).

3. Member States may authorise the disclosure of certain information relating to the supervision of obliged entities for compliance with the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final] to parliamentary inquiry committees, courts of auditors and other entities in charge of enquiries in their Member State, under the following conditions:

(a)the entities have a precise mandate under national law to investigate or scrutinise the actions of supervisors or authorities responsible for laws on such supervision;

(b)the information is strictly necessary for fulfilling the mandate referred to in point (a);

(c)the persons with access to the information are subject to professional secrecy requirements under national law at least equivalent to those referred to in paragraph 1;

(d)where the information originates in another Member State, it shall not be disclosed without the express consent of the supervisor which disclosed it and solely for the purposes for which that supervisor gave its consent.

Section 3

Guidelines on cooperation

Article 52

AML/CFT cooperation guidelines

By [2 years after the date of transposition of this Directive], AMLA shall, in cooperation with the ECB, the European Supervisory Authorities, Europol, Eurojust, and the European Public Prosecutor’s Office, issue guidelines on:

(a)the cooperation between competent authorities under Section 1 of this Chapter, as well as with the authorities referred to under Section 2 of this Chapter and the authorities in charge of the registers referred to in Section 1 of Chapter II of this Directive, to prevent money laundering and terrorist financing;

(b)the procedures to be used by authorities competent for the supervision or oversight of obliged entities under other Union acts to take into account money laundering and terrorist financing concerns in the performance of their duties under their respective Union acts.

CHAPTER VI

DATA PROTECTION

Article 53

Processing of certain categories of personal data

1. To the extent that it is strictly necessary for the purposes of this Directive, competent authorities may process special categories of personal data referred to in Article 9(1) of Regulation (EU) 2016/679 and personal data relating to criminal convictions and offences referred to in Article 10 of that Regulation subject to appropriate safeguards for the rights and freedoms of the data subject and the following additional safeguards:

(a)processing of such data shall be performed only on a case-by-case basis by the staff of each competent authority that have been specifically designated and authorised to perform those tasks;

(b)staff of the competent authorities shall maintain high professional standards of confidentiality and data protection, they shall be of high integrity and are appropriately skilled;

(c)technical and organisational measures shall be in place to ensure the security of the data to high technological standards.

2. The safeguards referred to in paragraph 1 shall also apply to the processing for the purposes of this Directive of special categories of data referred to in Article 10(1) of Regulation (EU) 2018/1725 and personal data relating to criminal convictions and offences referred to in Article 11 of that regulation by Union institutions, agencies or bodies.

CHAPTER VII

FINAL PROVISIONS

Article 54

Committee

1. The Commission shall be assisted by the Committee on the Prevention of Money Laundering and Terrorist Financing established by Article 28 of Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final]. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 55

Transitional management of FIU.net

At the latest by [3 years after the date of entry into force of this Directive], the Commission shall transfer to AMLA the management of FIU.net.

Until such transfer is completed, the Commission shall lend the necessary assistance for the operation of FIU.net and the exchange of information between FIUs within the Union. To this end, the Commission shall regularly convene meetings of the EU FIU’s Platform composed of representatives from Member States’ FIUs in order to oversee the functioning of FIU.net.

Article 56

Review

By [5 years from the date of transposition of this Directive], and every three years thereafter, the Commission shall present a report to the European Parliament and to the Council on the implementation of this Directive.

Article 57

Repeal

Directive (EU) 2015/849 is repealed with effect from [date of transposition].

References to the repealed Directive shall be construed as references to this Directive and to Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] in accordance with the correlation table set out in the Annex.

Article 58

Transposition

1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by [please insert date - 3 years after the date of entry into force] at the latest. They shall forthwith communicate to the Commission the text of those provisions.

When Member States adopt those measures, they shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made.

2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

Article 59

Entry into force

This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Article 60

Addressees

This Directive is addressed to the Member States.

Done at Brussels,

(1)    Europol, ‘From suspicion to action: Converting financial intelligence into greater operational impact’, 2017.

(2)    Communication from the Commission - Towards better implementation of the EU's anti-money laundering and countering the financing of terrorism framework (COM/2019/360 final), Report from the Commission on the assessment of recent alleged money laundering cases involving EU credit institutions, (COM/2019/373 final), Report assessing the framework for cooperation between FIUs (COM/2019/371 final); Supranational Risk Assessment Report (COM/2019/370 final).

(3)    COM(2020) 605 final

(4)    Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing (C/2020/2800), OJ C 164, 13.5.2020, p.21-33.

(5)    COM/2021/420 final

(6)    Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).

(7)    COM/2021/421 final

(8)    COM/2021/422 final

(9)    European Parliament resolution of 10 July 2020 on a comprehensive Union policy on preventing money laundering and terrorist financing – the Commission’s Action Plan and other recent developments (2020/2686(RSP)), P9_TA(2020)0204.

(10)    Council Conclusions on anti-money laundering and countering the financing of terrorism, 12608/20.

(11)    All references to “current EU AML/CFT legislation” in this Explanatory Memorandum should be taken as referring to this Directive.

(12)    Directive (EU) 2019/1153 of the European Parliament and of the Council of 20 June 2019 laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA (OJ L 186, 11.7.2019, p.122 – 137).

(13)    Directive (EU) 2018/1673 of the European Parliament and of the Council of 12 November 2018 on combating money laundering through criminal law.

(14)    Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6-21).

(15)    Directive (EU) 2019/1153 of the European Parliament and of the Council of 1 1July 2019 laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA.

(16)    Directives (EU) 2015/2366, 2014/92 and 2009/110 respectively.

(17)    Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

(18)    Commission Staff Working Document - Impact Assessment Report Accompanying the package of Commission legislative proposals regarding Anti-Money Laundering and Countering of Financing of Terrorism (AML/CFT), and law enforcement, including:

(19)    General Data Protection Regulation (Regulation (EU) 2016/679), and Internal Data Protection Regulation for EU institutions, bodies, offices and agencies (Regulation (EU) 2018/1725).

(20)    OJ C [...], [...], p. [...].

(21)    OJ C , , p. .

(22)    Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).

(23)    Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43).

(24)    Council Decision 2009/316/JHA of 6 April 2009 on the establishment of the European Criminal Records Information System (ECRIS) in application of Article 11 of Framework Decision 2009/315/JHA (OJ L 93, 7.4. 2009, p. 33).

(25)    Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States (OJ L 93, 7.4. 2009, p. 23).

(26)    2010/413/CFSP: Council Decision of 26 July 2010 concerning restrictive measures against Iran and repealing Common Position 2007/140/CFSP (OJ L 195, 27.7.2010, p. 39).

(27)    Council Decision (CFSP) 2016/849 of 27 May 2016 concerning restrictive measures against the Democratic People's Republic of Korea and repealing Decision 2013/183/CFSP (OJ L 141, 28.5.2016, p. 79).

(28)    Council Regulation (EU) No 267/2012 of 23 March 2012 concerning restrictive measures against Iran and repealing Regulation (EU) No 961/2010 (OJ L 88, 24.3.2012, p. 1).

(29)    Council Regulation (EU) 2017/1509 of 30 August 2017 concerning restrictive measures against the Democratic People's Republic of Korea and repealing Regulation (EC) No 329/2007 (OJ L 224, 31.8.2017, p. 1).

(30)    Directive (EU) 2017/1132 of the European Parliament and of the Council of 14 June 2017 relating to certain aspects of company law (OJ L 169, 30.6.2017, p. 46).

(31)    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(32)    Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).

(33)    Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ L 173, 12.6.2014, p. 149).

(34)    Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).

(35)    Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features (OJ L 257, 28.8.2014, p. 214).

(36)    Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).

(37)    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

(38)    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

(39)    Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).

(40)    OJ C 369, 17.12.2011, p. 14.

(41)    OJ C , , p. .

(42)    Regulation (EU) No 952/2013 of the European Parliament and of the Council of 9 October 2013 laying down the Union Customs Code (OJ L 269, 10.10.2013, p. 1).

(43)    Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6).

(44)    Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7).

(45)    Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law (OJ L 284, 12.11.2018, p. 22).

(46)    Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

(47)    Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22).

(48)    Commission Regulation (EU) No 389/2013 of 2 May 2013 establishing a Union Registry pursuant to Directive 2003/87/EC of the European Parliament and of the Council, Decisions No 280/2004/EC and No 406/2009/EC of the European Parliament and of the Council and repealing Commission Regulations (EU) No 920/2010 and No 1193/2011 (OJ L 122, 3.5.2013, p.1-59).

(49)    Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 19).

(50)    Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63).

(51)    Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87–107).

(52)    Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (OJ L 158, 27.5.2014, p. 77).

EUROPEAN COMMISSION

Brussels, 20.7.2021

COM(2021) 423 final

ANNEX

to the Proposal for a

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849

ANNEX

Correlation table