COMMUNICATION FROM THE COMMISSION

on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing

(2020/C 164/06)

I.   Introduction

The Commission is strongly committed to the fight against money laundering and terrorist financing both within the EU and globally. There should be zero tolerance for illicit money within the European Union. The recent increase in criminal activities in the context of the COVID-19 pandemic (1) is a reminder that criminals will exploit all possible avenues to pursue their illicit activities to the detriment of society. The EU needs to be equally determined in ensuring that they do not benefit from the proceeds of these crimes.

Over thirty years, the EU has developed a solid regulatory framework for preventing and combatting money laundering and terrorist financing, substantiated by case law of the EU Court of Justice (2). EU rules are far-reaching and go beyond the international standards adopted by the Financial Action Task Force (FATF) (3). The scope of the undertakings and professions subject to these rules has expanded steadily.

Recent developments in legislation have aimed to strengthen the EU anti-money laundering and countering the financing of terrorism (AML/CFT) framework. These include amendments to the 4th Anti-Money Laundering Directive (4AMLD) introduced by the 5th Anti-Money Laundering Directive (5AMLD) (4), an upgraded mandate for the European Banking Authority (5), new provisions that will apply to cash controls (6) starting from June 2021, amendments to the Capital Requirements Directive (CRDV) (7), new rules on access to financial information by law enforcement authorities (8) and a harmonised definition of offences and sanctions related to money laundering (9).

In addition, the EU established a new comprehensive whistle-blower protection regime, to be transposed by December 2021 (10), which complements existing rules on whistle-blower protection in the 4AMLD. The new regime will strengthen the ability of national and EU authorities to prevent, detect and address breaches to, amongst other, anti-money laundering and countering the financing of terrorism rules.

Nevertheless, there is growing consensus that the framework needs to be significantly improved. Major divergences in the way it is applied and serious weaknesses in the enforcement of the rules need to be addressed.

In its Communication Towards better implementation of the EU’s anti-money laundering and countering the financing of terrorism framework (11) and accompanying reports of July 2019, the Commission set out the measures needed to ensure a comprehensive EU policy on preventing money laundering and countering the financing of terrorism (AML/CFT). These include better implementation of existing rules, a more detailed and harmonised rulebook, high-quality and consistent supervision, including by conferring specific supervisory tasks to an EU body, interconnection of centralised bank account registries and a stronger mechanism to coordinate and support the work of the Financial Intelligence Units (FIUs).

This view is supported by the European Parliament and the Council. In its resolution of 19 September 2019 (12), the European Parliament called for more impetus to be given to initiatives that could reinforce AML/CFT actions at EU level and for speedy transposition of EU rules by Member States. On 5 December 2019, the Economic and Financial Affairs Council adopted conclusions on strategic priorities for AML/CFT (13), inviting the Commission to explore actions that could enhance the existing framework.

The Commission intends to implement a comprehensive AML/CFT policy, adapted to the specific threats, risks and vulnerabilities currently facing the EU (14) and designed in a manner that can evolve efficiently while taking into account innovation. A stronger AML/CFT framework will further promote the integrity of the EU financial system, which is necessary to complete the implementation of the Banking Union and the Economic and Monetary Union.

Subject to an impact assessment, including of impacts on fundamental rights, an integrated EU AML/CFT system should be put in place. Building on the example of the reforms introduced in the field of prudential banking regulation and supervision, the system should rest on a harmonised rulebook and an EU-level supervisor that works in close cooperation with national competent authorities, with a view to ensuring high-quality and consistent supervision across the Single Market. This should be coupled with the establishment of an EU support and coordination mechanism for FIUs, which enhances their effectiveness, and with the interconnection of the national centralised bank account registries, which will speed up cross-border access by law enforcement authorities and FIUs to bank account information.

This action plan outlines how the Commission intends to deliver on these objectives, building on six pillars:

—	Ensuring the effective implementation of the existing EU AML/CFT framework;

—	Establishing an EU single rule book on AML/CFT;

—	Bringing about EU level AML/CFT supervision;

—	Establishing a support and cooperation mechanism for FIUs;

—	Enforcing Union-level criminal law provisions and information exchange;

—	Strengthening the international dimension of the EU AML/CFT framework.

II.   Ensuring the effective implementation of the existing EU AML/CFT framework

The first priority is to ensure that EU AML/CFT rules are rigorously and effectively implemented by Member States, competent authorities and obliged entities. This requires action on several fronts.

Ensuring effective transposition and implementation of the AMLD

In relation to the transposition of the 4AMLD, the Commission launched infringement proceedings against all Member States for failure to fully transpose the Directive. Several Member States responded to such infringements by adopting new laws, leading to the closure of the relevant infringement proceedings. Infringements against other Member States are still ongoing. A study assessing the effective application of the 4AMLD in the Member States will be completed by mid-2021 and will feed into the Report that the Commission has to present on the effective application of the 4AMLD (15).

In relation to the transposition of the 5AMLD, which was due by 10 January 2020, the Commission has already launched a number of infringement proceedings against those Member States that failed to notify any transposing measures. The Commission will closely monitor the setting up of the central bank account mechanisms and the beneficial ownership registers by Member States in order to ensure that they are populated with high-quality data.

Work on interconnecting the beneficial ownership registers has already started and the interconnection will be operational in 2021. The Commission will also issue the 3rd Supranational Risk Assessment (SNRA) in 2021 in order to inform the risk-based approach.

Monitoring the capacity of Member States to prevent and fight money laundering and terrorist financing

Money laundering is detrimental not only to the stability of the EU financial system, but also to the economy, to good governance and to investor confidence. Under the European Semester cycle, the Commission analyses how AML/CFT rules are applied in practice in the Member States, which results in AML/CFT-related country specific recommendations adopted by the Council. The Commission furthermore provides technical support to Member States in implementing these necessary reforms in order to close some of the most important loopholes in the EU AML/CFT system through its Structural Reform Support Programme. These include insufficient staffing in the competent authorities, shortcomings in the application of the risk-based approach, and mitigating risks from the misuses of shell companies, golden visas and citizenship schemes.

The European Banking Authority (EBA)

The mandate of the EBA has recently been strengthened through Regulation (EU) 2019/2175 (16), which entrusted the EBA with the responsibility to lead, coordinate and monitor AML/CFT efforts of all EU financial services providers and competent authorities. The EBA is also empowered to establish an EU-wide AML/CFT database of risks and supervisory actions, performing risk assessments on competent authorities and, when required, asking authorities to investigate and consider taking action in relation to individual financial institutions. The Commission expects the EBA to make full use of its strengthened powers, particularly in relation to investigating whether a national supervisor has breached Union law in carrying out its tasks. The EBA has already started carrying out implementation reviews and published a first report in February 2020 (17). This report points to a number of challenges and finds that ‘competent authorities’ approaches to the AML/CFT supervision of banks were not always effective’.

As set out in Section IV, establishing an EU-level supervisor will increase compliance with the rules. This will ensure that adequate action is taken in order to prevent money laundering from occurring in the first place and that, when this cannot be achieved, effective sanctions are imposed. The new EU-level supervisor will be designed in such a manner that ensures it has the necessary AML/CFT competences, investigative capacity and powers, and decision making structure to implement rules more effectively and act in a preventive way whenever suspicions arise to ensure effective application of the single rulebook. The Commission is of the view that on-site inspections to assess the effectiveness of the AML/CFT framework in Member States will be critical to bring about high-quality standards across the Union.

The Commission will continue to ensure complete and correct transposition of AML/CFT rules and will propose country-specific recommendations on AML/CFT in Q2 2020.

III.   Delivering a reinforced rulebook

The EU legal framework is far-reaching. It has progressively expanded the scope of so-called obliged entities (18) and the list of predicate crimes, put greater emphasis on beneficial ownership and the risk-based approach and largely removed obstacles to communication and cooperation between relevant authorities. This framework provides Member States with a comprehensive regulatory environment to combat money laundering and terrorism financing.

However, the current approach to EU legislation has resulted in diverging implementation of the framework across Member States and, partly, in the setting of additional requirements that go beyond those implied by EU law. Examples of such measures are the identification of additional obliged entities like crowdfunding platforms or diamond dealers, the granting of powers to FIUs to freeze assets and the introduction of limitations to payments in cash (19). The consequence is a fragmented legislative landscape across the EU, creating additional costs and burdens for those providing cross-border services or causing regulatory shopping, with businesses registering where rules are more relaxed.

The lack of detail in the applicable rules and on the division of responsibilities with regard to cross-border issues results in differing interpretations of the Directive across Member States. Inadequate cooperation among competent authorities (FIUs, supervisors, law enforcement and customs and tax authorities), both domestically and across borders, creates potential loopholes that can be exploited by criminals. The European Supervisory Authorities have further noted (20) that divergences in regulatory approach to supervision and in the application of the risk-based approach undermine the provision of cross-border services and increase costs for undertakings, while also undermining the smooth functioning of the EU AML/CFT framework. This issue is particularly relevant in the area of FinTech, and the EBA has recommended that the Commission harmonise the requirements that should apply to these firms (21), when they pose money laundering / terrorism financing risks.

EU AML/CFT legislation needs to become more granular, more precise and less subject to diverging implementations. Certain additional requirements imposed by Member States when transposing AML Directives might however contribute to a stronger AML/CFT framework and could be integrated into the future EU rulebook. To limit divergences in the interpretation and application of the rules, certain parts of the AMLD should be turned into directly applicable provisions set out in a Regulation. At a minimum, this should include the provisions laying down the list of obliged entities, customer due diligence requirements, internal controls, reporting obligations, as well as the provisions on beneficial ownership registers and central bank account mechanisms. A more harmonised approach to the identification of politically exposed persons should also be considered. Particular attention should be paid to the effectiveness of the system by providing more details regarding the structure and tasks of supervision in respect of all obliged entities and the tasks of FIUs (see next sections). An integrated EU AML/CFT system will also need a sufficiently detailed rulebook to facilitate direct supervision.

In addition, in respect of specific rules, further harmonisation could be achieved by means of empowerments to adopt more detailed rules through delegated or implementing acts to adapt to evolving situations.

The scope of EU legislation needs to be expanded to address the implications of technological innovation and developments in international standards. Work at international level suggests a need to expand the scope of sectors or entities covered by AML/CFT rules and to assess how they should apply to virtual assets service providers not covered so far (22). Other measures might include facilitating the use of digital identification for remote customer identification and verification of customer identity as well as to establish business relationships remotely, or introducing a ceiling for large cash payments. In addition, an EU-wide interconnection of central bank account mechanisms is necessary to speed up access by law enforcement authorities and FIUs to financial information and facilitate cross-border cooperation.

Given the increase in cyber-related financial crime and fraud in particular, provisions could be considered that facilitate administrative freezing for FIUs and that oblige financial institutions to follow up and execute recall requests. Further risks arise from investor citizenship and residence schemes. Due consideration will have to be given to how these risks can be mitigated. Consideration should also be given to risky sectors identified through the SNRA exercise.

While working on introducing such new measures, it will be important to keep additional financial and administrative burdens for Member States and obliged entities to a minimum, and to follow a risk-based approach.

Faced with increased penalties for AML/CFT shortcomings, obliged entities have looked for ways to reinforce compliance, from allocating extra resources and setting up extensive remediation programs, to radically reviewing their business models, to exiting some products, clients or markets, including correspondent banking. This might create unintended consequences to the provision of financial services and to the financing of the economy. Technological solutions, which might help to improve detection of suspicious transactions and activities, must be in line with international and EU standards on AML/CFT and conform to other EU rules, including on data protection and antitrust.

As the Union’s AML/CFT rules do not intend to deny access to legitimate financial services, more clarity is needed on how AML/CFT rules link up with other legislation in the financial sector (23). Consideration should be given as to whether and in what circumstances money laundering or terrorism financing could lead to the declaration of failing or likely to fail and potentially trigger the resolution of a bank under the Bank Recovery and Resolution Directive (24) or the winding up according to normal insolvency proceedings and the need to reimburse depositors. The Deposit Guarantee Schemes Directive (25) could benefit from clearer provisions in order to further reduce the risk that depositors suspected of money laundering or terrorism financing (ML/TF) activities are reimbursed in a pay-out by a deposit guarantee scheme (DGS), while also clarifying the roles of the DGSs and other relevant AML/CFT authorities. How to reconcile the obligation under the Payment Account Directive (26) to provide a basic account to any customer with the AML/CFT obligation to terminate the business relationship if obliged entities have suspicions about the customer or cannot obtain updated client information would also merit further consideration. Finally, a review will be needed to assess whether the categories of payment service providers currently covered by AML/CFT legislation are adequate.

The financial services frameworks could be further developed to ensure that prudential supervisors have concrete obligations to share information with their AML/CFT counterparts. The fit and proper tests required in financial services legislations should apply stricter AML/CFT conditions.

The obliged entities, when accessing information relevant for carrying out customer due diligence, and public authorities exchanging information between them, including outside the EU, must fully comply with the EU data protection legislation. For example, providing obliged entities with access to certain publicly owned registers might raise data protection concerns. The difficulty to ensure compliance with data protection and confidentiality was also mentioned in the context of exchange of information between competent authorities. These issues should be duly addressed.

The Commission will table legislative proposals in Q1 2021 to deliver a single rulebook in the field of AML/CFT, based on a thorough impact assessment.

IV.   Bringing about EU-level AML/CFT supervision

Supervision sits at the heart of an effective AML/CFT framework. The importance of adequate supervision was confirmed in the AML package of July 2019, where the analysis of several money laundering cases revealed significant shortcomings with respect to credit institutions’ risk management and their surveillance by both AML/CFT and prudential supervisors. At the same time, recent alleged money laundering cases brought to light by investigative media outlets also point to flawed supervision of non-financial entities.

These striking issues are the result of both the design of the supervisory framework and its implementation. AML/CFT supervision within the EU is currently Member State-based. Its quality and effectiveness are uneven across the EU, due to significant variations in human and financial resources, skills and priority devoted to this task. The Union does not have in place sufficiently effective arrangements to handle AML/CFT incidents involving cross-border aspects. The EU’s AML/CFT framework is only as strong as its weakest link, and failings in one national competent authority create risks for the whole of the Single Market. The EU as a whole suffers financial, economic and reputational damage as a consequence.

The EU cannot afford to wait for more issues to arise before building an effective AML/CFT supervisory system that contributes to the smooth functioning of the Single Market and the Banking Union. High-quality AML/CFT supervision throughout the EU is imperative for restoring trust among its citizens and the wider international community.

There is a clear and evidenced need to have in place an integrated AML/CFT supervisory system at EU level that ensures consistent high-quality application of the AML/CFT rulebook throughout the EU and promotes efficient cooperation between all relevant competent authorities. While the sectors and issues at stake may widely differ, experiences from the establishment and functioning of existing EU-level mechanisms entrusted with centralised supervisory tasks, such as the Single Supervisory Mechanism, the Single Resolution Board and the European System of Financial Supervisors, can provide useful insights.

Creating an EU-level AML/CFT supervisory system to integrate and supplement the national ones will address supervisory fragmentation, ensure harmonised application of AML/CFT rules in the EU and their effective enforcement, offer support for on-the-spot supervisory activities and ensure a constant flow of information regarding ongoing measures and significant identified shortcomings. The national supervisors will continue to be a vital element of this system and will remain in charge of most day-to-day supervision. Establishing the EU core of this system is a priority, and its functions, competences and interaction with national supervisors will need to be clearly defined in a legislative proposal.

The functions of the EU-level AML/CFT supervisor

The EU-level AML/CFT supervisor will need to be entrusted with very clear powers to oversee and instruct national authorities to carry out different AML/CFT related tasks, and to enhance coordination with supervisors from outside the EU. A formalised process should define the interplay and respective powers of EU and national supervisors.

The need to ensure high-quality supervision in cross-border cases and to avoid weak links in the EU supervisory framework provide compelling reasons for an EU body to be entrusted with direct AML/CFT supervisory tasks over certain obliged entities for which it could have exclusive or joint responsibility. This implies the ability to review the internal policies, procedures and controls as well as their effective implementation by supervised entities, along with reviewing documentation on transactions and customers. The Union supervisor could be tasked, on its own or jointly with the national supervisor, with carrying out supervision of clearly defined obliged entities or types of activities for a given period of time, based on the degree of risk posed. The EU supervisor would bring added value by monitoring and assessing risks across the EU. Drawing inspiration from the set-up of EU bodies active in other fields, EU supervision could be ensured by a mechanism featuring decisions taken at EU level and enforced by EU desks in the Member States.

Another option could be to combine direct supervisory powers for some types of obliged entities, to be carried out in coordination with Member States, with coordination and oversight powers for other entities. The Commission will propose a supervisory mechanism that accounts for the principles of proportionality and subsidiarity and complies with existing case law in relation to powers that may be conferred upon Union agencies.

Scope of EU-level supervision

Money laundering risks occur both within and outside the financial sector and evolve over time and from one Member State to another. Bringing about more effective supervision would require the mandate of an EU AML/CFT supervisor to cover all risk areas from the outset, recognising the serious nature of risks facing all sectors. This would ensure that the EU supervisor has, from the outset, all necessary tools to harmonise practices across the EU and ensure high-level supervision across all sectors. Given the complexity of the tasks and the sheer number of obliged entities EU-wide, the AML/CFT supervisor may also be devised in an incremental way, allowing it, as it consolidates and proves its effectiveness, to cover all (financial and non-financial) sectors subject to AML/CFT obligations.

As an alternative, the EU supervisor could be directly in charge of the financial sector as part of an integrated system with national supervisor and be responsible for the indirect supervision of the non-financial sector. Indirect supervision of the non-financial sector would allow the EU body to step in, where deemed necessary to ensure high quality supervision of the non-financial sector across the Union.

Other options, implying a narrower scope, would entail the EU supervisor overseeing only financial institutions, which account for the largest part of all financial transactions. Centralising supervision in this sector could be achieved more easily given it is already regulated and supervised to a large extent. However, this option would leave weak links in the EU supervisory framework and fail to ensure an effective AML/CFT system.

In all cases, the risk-based approach to AML/CFT supervision, as enshrined in both Union law and international standards, requires the identification of ML/TF risk factors and allocating supervisory resources based on the outcomes of a dedicated risk assessment. The EU-level supervision must be designed to account for risk and further develop the expertise gained in this respect by national supervisors.

Finally, it could also be explored whether such supervisor should be entrusted with some competences to monitor and to support the implementation of asset freezes under EU restrictive measures (sanctions) across Member States. While the tasks and challenges at hand might differ in various dimensions between AML/CFT and restrictive measures, there are also some common challenges and synergies that are worth assessing.

Which EU body?

The task of ensuring EU-level supervision may either be granted to an existing EU agency, namely the EBA, or to a new, dedicated body.

Recently adopted legislation requires the EBA to lead, coordinate and monitor efforts to strengthen AML/CFT measures across the EU in respect of financial institutions. Entrusting the EBA with additional AML/CFT supervisory responsibilities would have clear advantages in terms of ensuring continuity and swift operation. However, this option would also require a significant reform of the EBA as well as significant building of knowledge and competences in AML/CFT. Its governance and decision-making processes would need to be significantly reviewed to guarantee that supervisory decisions are always taken independently, in the sole interest of the EU. Furthermore, it would need to enhance its investigatory capacity and power. Given its mandate and capabilities, supervision of obliged entities beyond the financial sector might prove challenging to organise at EBA level.

Alternatively, a new, dedicated EU AML supervisory body could be established that would be competent for supervising obliged entities in both the financial and the non-financial sector. This would allow maximum flexibility to design a tailored system in terms of organisation and governance, with simplified and swift decision-making processes to respond to risks quickly, as well as synergies with the coordination and support mechanism for FIUs (see next section). It may however take longer before a new body could become operational, costs could be relatively higher and execution risks would have to be accounted for. Depending on the tasks this body would receive, the risk of unnecessary overlaps and/or inconsistencies with the work of other supervisory authorities like the EBA should be avoided.

The budgetary impact of any option would be a key consideration. Particularly in the current economic context, a strong case could be made for ensuring funding of the supervisory activities through contribution by the supervised private sector entities, as is already the case for several EU bodies.

The Commission will table proposals to set up an EU-level AML/CFT supervisor in Q1 2021, based on a thorough impact assessment of options regarding its functions, scope and structure.

V.   Establishing a coordination and support mechanism for FIUs

The current EU framework requires obliged entities to report all suspicious transactions to the national FIU. Reporting by obliged entities and cash-related data provided by customs authorities form the basis on which FIUs produce financial analyses, which are then transmitted to law enforcement authorities, supervisors, tax authorities or other FIUs. These are used, for example, by law enforcement authorities in criminal investigations. The strategic analysis of trends and patterns by FIUs also feeds into guidance and feedback to obliged entities to assist them in identifying patterns in money laundering and terrorist financing.

A number of weaknesses have been identified with respect to how they apply the rules and cooperate between themselves and with other authorities at domestic level and across the EU.

Domestically, the use of templates for reporting by obliged entities is still limited, and these are often tailored to the needs of specific businesses (e.g. banks). Several FIUs still lack the necessary IT tools to effectively process and analyse the information.

FIUs are obliged to give feedback to obliged entities in relation to their reporting. However, such feedback remains limited. Feedback is close to non-existent when obliged entities’ reports concern another Member State. This lack of feedback leaves obliged entities without the necessary tools to adjust or target their preventive measures.

The limited information exchange between FIUs and other competent authorities is of great concern given the cross-border nature of much money laundering and terrorism financing. For example, although customs authorities in the EU provide FIUs with cash-related data on a regular basis, they very rarely receive feedback from them, which is crucial for a more concrete and effective risk analysis.

Challenges in the functioning and hosting of the FIU.net – the EU system for information exchange among FIUs – also demand action given that it is an old IT tool, which requires substantial upgrade of both its software and hardware as well as the development of new functionalities to facilitate cooperation.

Most suspicious transactions reported to FIUs have a cross-border dimension, but joint analysis remains limited. This results in missing links to identify cross-border cases. Advanced capabilities to analyse such information in a cross-border context is necessary, especially in the light of the ever-increasing complexity of money laundering cases.

Role of an EU-level coordination and support mechanism

An FIU coordination and support mechanism at EU level would remedy the above weaknesses. This mechanism would take a leading role to coordinate the work of national FIUs. This should include identification of suspicious transactions with a cross-border dimension, joint analysis of cross-border cases, identification of trends and factors relevant to assessing the risks of money laundering and terrorist financing at national and supranational level. The mechanism should also adopt or propose implementing measures or standards as mandated by the more harmonised provisions of the rulebook on FIUs’ reporting obligations and FIUs’ features, activities, cooperation, templates, as well as promote training and capacity building for FIUs. The EU-level coordination and support mechanism should also enhance cooperation among competent authorities (FIUs, supervisors, law enforcement and customs and tax authorities), both domestically and across borders, and with FIUs from outside the EU.

There would be merits in building a more central capacity, based on IT tools, which would identify cross-border suspicious transactions and facilitate the identification of trends.

The sustainability of the FIU.net, currently managed by Europol, is also important in this context. There is an urgent need to invest in its development to overcome the current problems hampering information exchange and data matching. Given the planned transfer of the technical administration of the system from Europol, an appropriate and financially viable solution should be identified. In the short term, the Commission will take over the management of the FIU.net in order to ensure the continuous and uninterrupted functioning of the system (27). In the longer term, the EU coordination and support mechanism could be tasked with hosting the FIU.net or its successor. Other suitable solutions could be considered.

The body responsible for an EU-level coordination and support mechanism

The task of providing a support and coordination mechanism for FIUs will depend on the role that is envisaged for this mechanism.

In keeping with the objective to have a broad role for this coordination and support mechanism that aims at addressing all the elements analysed above, its management could be ensured by an existing EU agency or by a new, dedicated body. In case a new EU body is created for supervisory issues, it could be given the task of administering this mechanism as well. For this purpose, it is worth noting that twelve FIUs in the EU currently have supervisory tasks for at least the non-financial sector, while some of them have supervisory tasks for all sectors.

A narrower role for the coordination and support mechanism would address some of the identified shortcomings, but would not result in an effective EU-level coordination and support mechanism. Several options could be envisaged under such circumstances. For example, if the tasks are confined to issuing draft regulatory standards and guidelines, this could be achieved by transforming the FIU Platform, currently an informal Commission committee, into a comitology committee and leaving it to the Commission to adopt the outcomes of its work through delegated or implementing acts. A formal Network of FIUs with its own mandate and tasks could be an alternative.

Whatever shape the coordination and support mechanism takes, its governance and decision-making processes should be sufficiently independent, while working as a network of national FIUs with an EU centre.

The Commission will table proposals to establish an EU coordination and support mechanism for FIUs in Q1 2021, based on a thorough impact assessment of options regarding its role and structure. The Commission will take over the management of the FIU.net in Q4 2020.

VI.   Enforcing Union-level criminal law provisions and Information exchange

Several legislative instruments and institutional arrangements facilitate the enforcement of criminal law provisions and information exchange at EU level.

Recent measures have closed loopholes in the definition and sanctioning of money laundering across the EU and facilitated judicial and police cooperation (28). The Commission will monitor their timely transposition and implementation. The use of financial information for serious offences has also been enhanced by giving law enforcement authorities direct access to the central bank account mechanism, whilst improving cooperation between law enforcement authorities, FIUs and Europol for such serious offences (29). These measures will speed up criminal investigations and enable authorities to combat cross-border crime more effectively. An EU-wide interconnection of central bank account mechanisms will speed up access for law enforcement authorities and FIUs to financial information and facilitate cross-border cooperation, and should in any case also include law enforcement authorities. Such interconnection should be considered as a matter of priority.

Crucial standards for the recovery of criminal proceeds have been established (30). The Commission will publish a report in 2020 to give an overview of how these rules are implemented and present ways to improve the role of asset recovery offices. New measures that will apply as of December 2020 (31) will facilitate cross-border asset recovery and make the freezing and confiscation of criminal assets across the EU quicker and simpler.

At the same time, it is also critical to build capacity at EU level to investigate and prosecute financial crime.

Europol has stepped up its efforts in order to tackle economic and financial crime with the new European Economic and Financial Crimes Centre (EFECC), which should become operational in the course of 2020. The EFECC will concentrate all financial intelligence and economic crime capabilities in a single entity within Europol and will strive to reinforce operational effectiveness, increase operational visibility, and enhanced stakeholder management and funding opportunities. The Commission fully supports the establishment of the EFECC and considers that it underlines the importance of financial investigation across all crime areas for which Europol has competence.

The Commission considers that the EFECC would be a natural counterpart to the EU support and coordination mechanism for FIUs and that the two entities might develop solutions to boost exchanges of information, particularly in cross-border cases.

To improve investigation and prosecution of money laundering cases across the EU, the Commission funds (32) the Anti-Money Laundering Operational Network (AMON), which connects relevant law enforcement authorities. The network facilitates cross-border financial investigations and has global outreach. Its work should be enhanced and promoted and the network should be equipped with an operational budget to support concrete cases. All EU Member States should join it. Moreover, Member States should continue to make use of the support of Eurojust to facilitate cross-border cooperation in support of anti-money laundering prosecutions. Finally, the European Public Prosecutor’s Office, due to take up operations end 2020, will be competent to investigate and prosecute money laundering offences linked to crimes against the EU budget.

There remains scope to enhance and promote information exchange among all competent authorities (FIUs, supervisors, law enforcement and customs and tax authorities), both domestically and across borders.

In the context of making better use of financial intelligence, the role of public-private partnerships (PPPs) should be encouraged to the extent possible, as in some cases the nature of information might limit its sharing and such sharing must comply with data protection law. PPPs involve sharing information between law enforcement authorities, FIUs and the private sector. They can take various forms. Some are limited to exchanges of information on typologies and trends by FIUs and law enforcement to obliged entities. Others consist of sharing operational information on intelligence suspects by law enforcement authorities to obliged entities for the purposes of monitoring the transactions of these suspects. Any sharing of information that includes personal data must fully comply with data protection legislation and respect the mandates of the authorities involved.

The current EU AML/CFT framework already requires FIUs to share typologies and trends with the private sector. This obligation could be clarified and enhanced, as part of facilitating some types of PPPs and improving information sharing. At the same time, due to differences in the legal frameworks and practical arrangements across Member States, the Commission considers it essential to have guidance and share good practices for PPPs in relation, in particular, to antitrust rules, safeguards and limitations in relation to data protection and guarantees on fundamental rights.

The Commission will issue guidance on PPPs by Q1 2021. As regards data protection aspects of PPPs, the Commission will consider the possibility of requesting the European Data Protection Board to issue an opinion. Options to strengthen the AMON network and to enhance domestic and cross-border information exchange among all competent authorities will be considered.

VII.   Strengthening the international Dimension of the AML/CFT framework

Money laundering and terrorism financing are global threats, which the EU is determined to fight in cooperation with its international partners. As the global standard-setter, the FATF has led the fight against money laundering and terrorism financing globally. The Commission actively contributes to the work of the FATF and remains committed to implementing FATF standards and to promoting compliance globally. Nevertheless, the new, comprehensive approach to AML/CFT that the EU needs requires a stronger role for the EU in setting such international standards.

The Commission endorsed, on behalf of the EU, the new FATF mandate (33) and intends to play a prominent role in reinforcing global standards and raising them to the level of the EU’s own standards in key areas. One example is transparency of beneficial ownership, where the EU has taken an ambitious approach to tackle the risks posed by opaque structures. Similarly, the Commission will actively support efforts to address new and emerging risks at global level. To succeed, it is essential that the EU speaks with one voice in the FATF. This could be achieved by giving the Commission the task of representing the European Union at FATF, in line with Treaty provisions. As a first step, an enhanced coordination mechanism among the Commission and Member States should be established to have EU representatives voicing coordinated positions at FATF.

Mutual evaluations conducted by the FATF help raise global compliance with international standards, as peer pressure remains a key driver for change. Until now, evaluations of EU Member States’ AML/CFT frameworks have failed to take into account the supranational nature of the EU rules adequately. This issue will become more significant if new structures, such as EU-level AML/CFT supervision and an FIU coordination and support mechanism, are introduced. The Commission’s objective is to ensure that when standards are implemented at EU level, they are assessed in a common manner. In this context, it could also be considered whether to have EU rules assessed by the FATF at EU level.

The Commission also needs to continue implementing an autonomous policy towards third countries to protect the EU financial system. Obliged entities need to take mitigating measures based on geographical and other relevant risk factors. They are also required to apply enhanced vigilance in the case of transactions or business relationships involving countries with strategic deficiencies in their AML/CFT frameworks. Under the 5AMLD, the Commission is required to build an autonomous capacity to identify countries that present such strategic deficiencies (34).

The Commission will identify countries that pose a specific threat to the Union’s financial system using an autonomous methodology that takes due account of the synergy with the FATF listing process, an enhanced dialogue with third countries carried out in cooperation with the European External Action Service (EEAS), and close consultation of Member States experts. Based on the revised methodology (35), which is published at the same time as this Action Plan, this process will involve the Commission, in cooperation with the EEAS, engaging with third countries where shortcomings are identified on a preliminary basis, in view of developing, where possible, an action plan to address those concerns. After an observation period, the Commission will assess progress in implementing those commitments in order to conclude its assessments.

The EU list of high-risk third countries provides a key tool for obliged entities and public authorities, but might also have effects outside the AML/CFT framework. The Commission is committed to monitor whether such listing impacts equivalence decisions (36) and to ensure that adequate safeguards are applied with regard to financial instruments in line with Article 155 of the Financial Regulation (37).

The experience gained from the EU listing process and the setting-up of new AML/CFT functions at EU level might lead to a review of the approach towards risks posed by third countries. As a FATF Member, the Commission should continue taking into account call for actions by the FATF to address risks posed by third countries – and retain a capacity to also apply appropriate measures independently of any FATF call as required by international standards. In that context, an EU-level supervisor could also contribute to mitigating risks from third countries by developing appropriate risk mitigating measures for obliged entities depending on the type and severity of deficiencies. This would include developing more granular and risk-based measures to address risks posed by the AML/CFT framework of other jurisdictions. Such process might also be complemented with a transactions-based approach, given that no jurisdiction is immune to emerging ML/TF risks. Similarly, a coordinating and support function for FIUs could provide valuable input to identify new trends and risks posed by third countries – as well as possible issues in international cooperation.

As part of this set of measures to manage external risks, the Commission is developing a technical facility (38) to provide technical assistance to third countries to raise their capacity and address weaknesses in their domestic AML/CFT frameworks. As one of the main international donors in this field and based on its extensive diplomatic network, the EU would use this capacity in order to strengthen barriers against money laundering and terrorist financing worldwide. Trade policy also contributes to developing adequate safeguards with regard to investments (39) and trade flows. The Commission will seek commitments from the EU’s trade partners to implement AML/CFT measures and will maintain regulatory space to act in case of money laundering and terrorist financing risks facing the EU’s financial system.

A new methodology on the assessment of high-risk third countries is published along with this Action Plan. The Commission will continue working with the Member States and will increase its involvement in the FATF so that the EU can play a stronger role globally.

VIII.   The way forward: a Roadmap

As detailed in this Action Plan, the Commission will propose several measures to enhance the AML/CFT framework. An impact assessment, including on fundamental rights and especially the right to the protection of personal data, will be prepared to assess the different options in terms of legislative changes:

Action	Means	Timeline
Effective implementation of the existing EU AML/CFT framework	Infringement/legal proceedings Study on application of 4AMLD 3rd Supranational Risk Assessment Work on interconnection of beneficial ownership registers Country Specific recommendations/ European Semester Current EBA work	All measures ongoing
Reinforcing and developing the EU AML/CFT single rule book	Legislative proposal: — identifying areas to be turned in a Regulation alongside an amended Directive — setting out new areas to be regulated at EU level — identifying amendments necessary in respect of other existing legislation	Q1 2021
Bringing about EU level AML/CFT supervision	Legislative proposal	Q1 2021
Establishing a support and coordination mechanism for FIUs	Legislative proposal	Q1 2021
	Transfer of technical management of FIU.net to the Commission	Q4 2020
Criminal law enforcement and information sharing	Establishment of the EFECC	Q2 2020
	Guidance on PPPs and possible EDPB opinion on data protection aspects	Q1 2021
	Monitor transposition and implementation of directives on criminal law and law enforcement cooperation
	Options to enhance domestic and cross-border information exchange among all competent authorities
Strengthening the international dimension	Commission refined methodology for the identification of high risk third countries	Q1 2020
	Delegated acts	As appropriate (tentative planning for 2020: Q2, Q3 and Q4)

The Commission welcomes stakeholder views on the way forward set out in this Action Plan and invites contributions by 29 July 2020 by replying to the questionnaire available on Have your Say.

---

(1)  Europol, ‘Pandemic profiteering: how criminals exploit the COVID-19 crisis’, March 2020. The European Banking Authority also reminded credit and financial institutions of the importance of effective systems and controls and asked competent authorities to support them in this regard. See ‘EBA statement on actions to mitigate financial crime risks in the COVID-19 pandemic’.

(2)  The Court recognised that the objective of fighting money laundering is linked to protecting public order and can justify a restriction to the fundamental freedoms guaranteed by the Treaty, including the free movement of capital. Restrictions must be proportionate (see Jyske Bank Gibraltar, C 212/11 and Lhu Zeng, C- 190/17).

(3)  The FATF is an inter-governmental body that sets standards and promotes effective implementation of measures to fight money laundering and terrorist financing. The Commission, 14 EU Member States and 2 EFTA-EEA States are FATF members, whereas 13 Member States are members of Moneyval, a regional organisation.

(4)  Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43).

(5)  Regulation (EU) 2019/2175 of the European Parliament and of the Council of 18 December 2019 amending Regulation (EU) No 1093/2010 establishing a European Supervisory Authority (European Banking Authority), Regulation (EU) No 1094/2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), Regulation (EU) No 1095/2010 establishing a European Supervisory Authority (European Securities and Markets Authority), Regulation (EU) No 600/2014 on markets in financial instruments, Regulation (EU) 2016/1011 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds, and Regulation (EU) 2015/847 on information accompanying transfers of funds (OJ L 334, 27.12.2019, p. 1).

(6)  Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6).

(7)  Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures (OJ L 150, 7.6.2019, p. 253).

(8)  Directive (EU) 2019/1153 of the European Parliament and of the Council of 20 June 2019 laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA, OJ L 186, 11.7.2019, p. 122).

(9)  Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law (OJ L 284, 12.11.2018, p. 22).

(10)  Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (OJ L 305, 26.11.2019, p. 17).

(11)  COM(2019) 360 final.

(12)  European Parliament resolution of 19 September 2019 on the state of implementation of the Union’s anti-money laundering legislation (2019/2820(RSP)).

(13)  Council Conclusions of 5 December 2019 on strategic priorities on anti-money laundering and countering the financing of terrorism (14823/19).

(14)  As highlighted in the most recent Union supra-national risk assessment, the Commission report on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, COM(2019) 370 final.

(15)  Art. 65(1) 4AMLD.

(16)  See footnote 5.

(17)  EBA report on competent authorities’ approaches to the anti-money laundering and countering the financing of terrorism supervision of banks, EBA/Rep/2020/06.

(18)  In addition to the financial sector, legal professionals and accountants, the EU framework also applies to estate agents, gambling services, persons trading in goods, providers engaged in exchange services between virtual currencies and fiat currencies, custodian wallet providers, persons trading in works of art.

(19)  Report from the Commission to the European Parliament and the Council on restrictions on payments in cash, COM(2018) 483 final. Further targeted assessment of this matter will be explored in the course of 2021.

(20)  ESAs Joint Opinion of the European Supervisory Authorities on the risks of money laundering and terrorist financing affecting the European Union’s financial sector, 4 October 2019.

(21)  EBA Report on potential impediments to the cross-border provision of banking and payment services, 29 October 2019.

(22)  The FATF defines virtual assets as digital representations of value that can be digitally traded, or transferred, and that can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets already covered by its standards.

(23)  See also the announcement in the Commission Work Programme that the Commission will put forward a legislative framework on crypto-assets.

(24)  Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms (OJ L 173, 12.6.2014, p. 190).

(25)  Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ L 173, 12.6.2014, p. 149).

(26)  Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features (OJ L 257, 28.8.2014, p. 214).

(27)  Duly respecting the nature of the information concerned.

(28)  See footnote 9.

(29)  See footnote 8.

(30)  Directive 2014/42/EU of the European Parliament and of the Council of 3 April 2014 on the freezing and confiscation of instrumentalities and proceeds of crime in the European Union (OJ L 127, 29.4.2014, p. 39).

(31)  Regulation (EU) 2018/1805 of the European Parliament and of the Council of 14 November 2018 on the mutual recognition of freezing orders and confiscation orders (OJ L 303, 28.11.2018, p. 1).

(32)  ISF-Police funds.

(33)  Approved by the Ministers and Representatives of the Financial Action Task Force on 12 April 2019.

(34)  See https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1581497419034&uri=CELEX:02016R1675-20181022

(35)  SWD(2020)99.

(36)  See COM(2019) 349 final of 29.7.2019.

(37)  Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union (OJ L 193, 30.7.2018, p. 1).

(38)  EU Global Facility on Money Laundering and Terrorism Financing.

(39)  See Regulation (EU) 2019/452 of the European Parliament and of the Council of 19 March 2019 establishing a framework for the screening of foreign direct investments into the Union (OJ L 79I, 21.3.2019, p. 1).