Menu
undefined undefined
My dashboard
My Content
My products (0) My insights (0) My events (0) My contacts (0)

Anti-money laundering round up

We consider the recent developments in AML regulation and enforcement.

09 July 2020

Publication

With the National Crime Agency's (NCA) annual plan for 2020-2021 reporting that losses from fraud increased by more than a third in the last calendar year, the agency has warned that individuals and corporates must remain alert amidst turbulent economic times. In light of the increased focus on businesses doing more to update and strengthen their compliance protocols, this article provides an overview of money laundering news and developments over recent months.

Commerzbank AG's (London branch) AML fine

The FCA has fined the London branch of Commerzbank AG £37.8 million for failure to put in place adequate AML controls between October 2012 and September 2017.

Commerzbank London was found to have breached Principle 3 of the FCA's Principles for Business which requires that companies have 'adequate risk management systems' in place. Specifically, the FCA's investigation identified the following shortcomings:

  • A failure to conduct timely periodic due diligence on its clients, resulting in a number of clients not being subjected to timely know-your-customer (KYC) checks. By 1 March 2017, 1,772 of the bank's clients were overdue updated due diligence checks.

  • Commerzbank London also failed to address longstanding weaknesses in its automated tool that monitors the money laundering risk on transactions for clients. In 2015, for example, the bank identified that 40 high-risk countries and more than a thousand clients were missing from the automated system.

  • There were instances where risks related to politically exposed persons were insufficiently identified and addressed.

  • The bank did not have a detailed documented process that covered the termination of a client relationship because of risks associated with financial crime.

Having agreed to resolve the AML deficiencies at an early stage, Commerzbank London's fine was discounted by 30% from £54 million. The imposition of the fine highlights that despite the difficulties associated with COVID-19 and a remote working environment, the FCA continues to operate its investigation and enforcement operations as close to 'business as usual' as possible. For more information about the operations of UK enforcement agencies during COVID-19, see our tracker.

On 6 May 2020, the Financial Action Task Force (FATF) published a report outlining a number of significant money laundering and terrorist financing risks associated with COVID-19. The report points to a marked increase in white collar crime; particularly cybercrime, fraud and corruption that has become more prevalent during the pandemic.

FATF highlighted the following six specific areas of risk that companies should pay particular attention to:

  • Customer due diligence (CDD) measures: given the proliferation of online services and the concurrent closure of physical branches, banks have had limited ability to carry out CDD verification on new customers and on-boarding may be completed without the required checks or it will be deferred.

  • Using online financial services to conceal illicit funds: there has been an increase in the number of vulnerable citizens, who are unfamiliar with online banking services, being targeted.

  • Exploitation of economic circumstances: criminals may look to target struggling businesses as a means of investing and generating cash and laundering illicit proceeds. This will likely come at the same time that businesses facing economic hardship look to save on AML policies and procedures.

  • Use of unregulated financial services: individuals and companies looking for quick economic revival may begin to turn to new and unlicensed lenders.

  • Misuse of government schemes: emergency funding and international aid schemes that have been imposed quickly and often with limited regulation controls are prime targets for exploitation and misappropriation.

  • Physical transactions: in times of crisis individuals concerned with the performance of traditional financial instruments may liquidate portfolios and purchase large quantities of 'safe-haven' assets that are more difficult to trace (i.e. gold).

The report also provides a number of measures that firms can take to combat the heightened risk of COVID-19 related exploitation:

  • Government agencies should ensure continued communication and cooperative efforts with the private sector.

  • Firms should make full use of a risk-based approach to CDD.

  • Dialogue is encouraged between industry peers, especially in respect of suspicious activity and measures used to combat fraud.

  • Businesses should review controls in light of the risks identified to protect the most vulnerable customers.

  • Electronic and digital payment options should be supported.

Joint Money Laundering Steering Group guidance on cryptoassets

On 17 March 2020, the Joint Money Laundering Steering Group (JMLSG) published a new chapter for consultation covering sectoral guidance on money laundering and terrorist financing risks applicable to cryptoassets in the financial services sector (the guidance). The proposed chapter will be incorporated separately under Part II JMLSG's guidance and takes into account recent amendments which brought custodian wallet and cryptoasset exchange providers within scope of the Money Laundering Regulations 2017 (the MLRs).

The guidance addresses factors that give rise to money laundering and terrorist financing risks that are specific to the cryptoasset sector. These include:

  • the fact that under certain cryptoasset platforms, parties can transact without having been fully identified;

  • the decentralised and segmented manner in which cryptoasset platforms function; and

  • the multi-jurisdictional nature of the cryptoasset platforms and the effect that this may have on the effectiveness of particular jurisdictions' ability to enforce anti-money laundering ("AML") controls.

Clarification is also provided by the guidance as to the type of cryptoasset service provider that is likely to come under the scope of the MLRs.

A broad definition has been applied to what constitutes a cryptoasset exchange service to include companies that 'arrange or make arrangements with a view to the exchange of cryptoassets for money or money for cryptoassets'. As a result, the services outlined below are likely to be considered in the following ways:

Likely to fall within the scope of the expanded MLRs

  • Issuers, creators or miners, if they accept money or cryptoassets by way of business in exchange for the cryptoassets they issue, create or mine.
  • Mining and initial coin offerings.
  • Services facilitating the issuance and trading of cryptoassets; however, excluding the mere provision of advice or technology services.
  • Cryptoasset escrow services.

Likely to fall outside the scope of the expanded MLRs

  • Buying and selling cryptoassets for one’s own account.
  • Intermediaries acting as outsourced service providers, in which case the AML obligations remain with the outsourcing provider.
  • The issuance or acceptance of utility tokens.

The definition of a custodian wallet provider includes both firms and sole practitioners that 'safeguard and/or administer cryptographic keys as a means to hold, store or transfer cryptoassets on behalf of their customers'. The guidance goes on to clarify that if a firm or a sole practitioner holds and stores the cryptographic keys for customers but is not then a part of their transfer, it is unlikely that these will be considered custodian wallet providers.

Adoption of the 5th Money Laundering Directive in Germany and France

Following widespread tax evasion revelations in the Panama Papers and a number of European terrorist attacks in the summer of 2016, the European Union (the "EU") sought to address gaps in its AML and combating of the financing of terrorism strategy. This included the lack of virtual currency regulation and the need for better cooperation between member states. Following the deadline for EU countries to implement measures ensuring compliance with the 5th Money Laundering Directive ("5MLD" or the "Directive") on 10 January 2020, the European Commission (the "Commission") sent letters of formal notice to Belgium, Czechia, Estonia, Ireland, Greece, Luxembourg, Austria, Poland and the UK on 14 May 2020 for having only partially transposed the Directive. The Commission had also previously addressed letters of formal notice to Cyprus, Hungary, the Netherlands, Portugal, Romania, Slovakia, Slovenia and Spain because they had not implemented or communicated any transposition measures.

This update takes a brief look at how the cryptoasset related measures have been addressed in Germany and France. For further information on the UK's amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 in light of 5MLD, click here.

In overview, 5MLD requires that crypto exchanges and custodians register with their local regulator and comply with certain domestic KYC and AML laundering procedures, in a similar manner to traditional financial institutions, to disclose their traders' identities and report suspicious activity. Whilst 5MLD provides clarity as to aspects of cryptoasset regulation and may persuade traditional financial institutions to become more open to servicing cryptoasset service providers. As with previous directives, differences in implementation of 5MLD and interpretation vary from country to country. 

Germany

Firms offering cryptoasset exchange services between virtual and fiat currencies and custodian wallet providers must now be registered with the German Ferderal Financial Supervisory Authority (BaFin) under 5MLD. Instead of creating new categories of 'obliged persons' under its Money Laundering Act, German legislators have decided to make a number of amendments to its Banking Act to: (i) include a definition of cryptoassets; (ii) expand the definition of financial instruments to include cryptoassets; and (iii) bring the service of cryptoasset safekeeping within the scope of the Banking Act. Consequently, firms providing cryptoasset services are now treated as financial service providers in Germany and are therefore subject to regulation by BaFin.

EU passporting had previously ensured that a cryptoasset service provider with a license in one European jurisdiction was able to offer its services to other member states. Under the gold-plated German implementation of 5MLD, firms looking to provide crypto services must now apply for a license or partner with a German license holder. This may, however, also encourage more mainstream provision of crypto services with banks and other licensed financial institutions now able to act as cryptoasset custodians.

France

The French financial markets regulator (AMF) has also implemented new regulations governing cryptoasset service providers in order to transpose 5MLD into national law. The AMF now requires firms providing one of the following cryptoasset services to register with the regulator:

  • cryptoasset custody services;

  • the buying or selling of cryptocurrency in exchange for fiat currency;

  • safeguarding and/or managing cryptoasset portfolios;

  • trading cryptoassets for other cryptoassets; and

  • advising on crypto-based investments.

In order to obtain a license, the AMF has imposed a number of onerous hurdles that crypto service providers need to overcome in order to mitigate the increased risk of cybercrime, fraud and corruption in the crypto sector. Some of the hurdles imposed by the AMF include the provision of:

  • details of the firm's internal control systems;
  • a two-year business plan;
  • a cybersecurity program that is compliant with European data privacy laws;
  • a list of cryptoassets and/or services that the business plans to offer;
  • procedure steps outlining how the company will deal with insurance claims;
  • policies and procedures that are in place to mitigate the risks of money laundering and terrorist financing;
  • the location of the business; and
  • the details of at least one senior manager.

In applying for a license, a cryptoasset service provider must submit documentary evidence of the above bullet points and proof of professional indemnity insurance or a minimum amount of available funds. Once a firm has received a license, it must also undertake regular audits to ensure that compliance remains up to the standard of the AMF.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.

Related insights

This website uses cookies and other similar technologies to ensure you get the best experience on our website. Please review our cookie policy and our data protection privacy notice for more information on how the data that is collected is used.