What is AML?
Anti-Money Laundering (AML) refers to the policies and practices that financial and non-financial institutions adopt to prevent money laundering and related financial crimes. AML is often integrated with efforts to counter the financing of proliferation and terrorism. This framework includes mechanisms to ensure that banks and relevant organizations dutifully report suspicious transactions, as well as the involvement of financial intelligence units and relevant law enforcement agencies.
Who Must Comply with AML Regulations?
The obvious answer is that banks and other financial institutions. What is sometimes overlooked that the list of “obliged entities” is getting longer. Hence, AML is applicable to a wide range of financial and non-financial institutions, including investment firms, insurance companies, payment institutions, electronic money institutions, virtual asset service providers (VASPs), real estate agents, casinos, lawyers, accountants, trust or company service providers, art dealers, high-value goods dealers, crowdfunding platforms, virtual asset service providers, currency exchange offices, money remittance businesses, and certain FinTech companies offering financial services. The latest to be added to the list with the new package of the EU AML legislation are also top tier professional football clubs1. Similarly, FinCEN is also extending reporting requirements to real-estate agents and investment advisors2.
In certain jurisdictions, there is an obvious trend of regulators strengthening their supervision of AML/CFT compliance across various sectors3. Real estate agents, casinos, and law firms have faced significant fines for failing to meet AML obligations. Of course, these fines are hardly comparable to the millions paid by banks for AML breaches, such as the $186 million fine levied on Deutsche Bank4 and the €1.45 million fine on Commerzbank5 just over the last year.
SALVIOL’s AML solution already supports banks and payment processors, but our aim to make solution accessible also to other obliged entities, like accountants, lawyers, real-estate agents. Our user-friendly tool guides you through every step of the AML process, from initial client onboarding to ongoing monitoring and periodic reviews. With intuitive workflows, you can easily manage client documentation, track changes, and stay up-to-date with regulatory requirements.
What is necessary for compliance with AML regulations?
All these organizations have to set up proper AML governance, which refers to the framework of policies, procedures, and controls that organizations implement to ensure compliance with anti-money laundering regulations. It involves establishing a clear organizational structure, allocated resources and funds for AML compliance, defining roles and responsibilities, and regular training, creating a culture of compliance throughout the organization. Effective AML governance is crucial for managing risk and meeting regulatory requirements.
Staying ahead of evolving regulations is demanding for organizations, especially with rapid changes. States and organizations are constantly responding to new and emerging risks related to money laundering, the financing of proliferation and terrorism, including digital currencies and other methods of asset transfer.
For example, in 2024 the EU adopted a packaged of new rules, which present major overhaul of the EU's AML/CFT framework, moving from a directive-based approach to a more harmonized regulatory regime with stronger EU-level oversight. The new rules will generally apply from July 2027, giving entities time to prepare for compliance.
SALVIOL is expanding its capabilities by introducing comprehensive investigation and compliance services. These new offerings are designed to help organizations understand their AML requirements and achieve full compliance. By leveraging SALVIOL's expertise, businesses can navigate the complex landscape of AML regulations more effectively.
What changes are introduced by 2024 EU AML regulations?
The sixth Anti-Money Laundering (AML) directive6 introduces several key changes to strengthen the EU's AML framework. It harmonizes supervisory powers and sanctions across member states, enhancing the ability to enforce AML requirements. Financial Intelligence Units (FIUs) are granted expanded powers to analyze, detect, and suspend suspicious activities, with improved information sharing capabilities. The directive establishes more comprehensive beneficial ownership registers, interconnected at the EU level, with extended data retention periods. It also provides broader access to these registers for authorities, media, and civil society organizations.
The Regulation (EU) 2024/16207 established the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), a new EU authority headquartered in Frankfurt, Germany, which is expected to be fully operational by mid-2025.
The most important for organizations, for sure, is Regulation (EU) 2024/16248 on preventing the use of the financial system for money laundering or terrorist financing. This creates a single rulebook of AML/CFT obligations directly applicable to the private sector across the EU. Some changes included in the Regulation:
Extended scope of obliged entities: The Regulation expands the list of entities subject to AML/CFT rules (e.g crypto-asset service providers, luxury goods traders).
Lower thresholds for customer due diligence: Obliged entities must now conduct CDD measures for occasional transactions at a 10,000 EUR threshold, down from 15,000 EUR previously. For crypto-asset service providers, the threshold is even lower at 1,000 EUR.
Enhanced due diligence for high-net-worth individuals: Credit and financial institutions must apply additional enhanced due diligence measures for high-risk business relationships involving assets of at least 5 million EUR for certain customers with assets over 50 million EUR.
New beneficial ownership requirements: The definition of beneficial ownership has been tweaked to include ownership of exactly 25%, potentially requiring firms to revisit their beneficial ownership analysis.
Group-wide policies: Parent undertakings that are obliged entities must adopt group-wide AML/CFT measures and policies, including for subsidiaries in third countries.
Outsourcing restrictions: New rules govern outsourcing contracts, with certain tasks that cannot be outsourced, such as decisions on customer risk profiles or entering business relationships. Full accountability for AML compliance remains with the obliged entity. AMLA will provide additional guidelines on outsourcing.
Exchange of information in the framework of partnerships for information sharing: A legal framework is established for cooperation and information exchange between obliged institutions, particularly concerning customer due diligence.
Revised rules regarding CDD for clients from high-risk third countries9: Obliged entities are required to apply enhanced due diligence measures to manage and mitigate such risks appropriately. In case of transactions with countries that with significant strategic deficiencies in their national AML/CFT regimes and countries posing a specific and serious threat to the Union’s financial system, obliged entities will have to carry out additional measures.
How can organizations monitor and analyze relevant data?
While understanding these regulatory changes is crucial, implementing them effectively requires robust monitoring and analysis capabilities. As the complexity of financial transactions and the volume of data continue to grow, organizations need to adopt more sophisticated approaches to AML compliance. The sheer volume of data that organizations must monitor and analyze for AML purposes has grown exponentially. The Wolfsberg group expanded the meaning of AML monitoring by introducing the concept of Monitoring for Suspicious Activity. MSA is more comprehensive than just Transaction Monitoring, as it takes into account customer behavior and attributes along with transactions to provide a broader view of potentially suspicious activity. Transaction Monitoring is a subset of MSA, which may also encompass ongoing Customer Due Diligence10 .
The Wolfsberg Group encourages all stakeholders involved in the MSA process to proactively develop innovative techniques and supporting technologies. An enhanced approach that leverages emerging technologies offers financial institutions an opportunity to collaborate with law enforcement and regulators. This can help improve detection capabilities, minimize adverse impacts on customers, and provide more valuable information to government agencies about criminal activities.
It is worth noting that this applies also to virtual assets and VASPs. The rise of cryptocurrencies and other digital assets has introduced new challenges in the realm of AML monitoring and compliance, to which countries are responding with different pace. It has been a while since FATF extended its Recommendations11, which requires VASPs to collect and share accurate information about the sender and recipient of virtual asset transfers above a certain threshold. VASPs must also implement robust systems to track and analyze these transactions in real-time, identifying patterns and behaviors that may indicate suspicious activity.
In response to these and similar calls, SALVIOL is at the forefront of developing innovative solutions that align with this comprehensive approach. Our enhanced data analytics, facilitated by AI capabilities for anomaly detection, pattern recognition, and reporting, go beyond traditional transaction monitoring for both fiat as well as digital currencies to provide a holistic view of customer behaviour and potential risks. Concurrently, SALVIOL is actively preparing for the requirements of the AI Regulation12 adopted by the EU, as it is clear that AI offers many advantages but also enhances some existing risks and introduces new ones.
____________________________________
3 - Few examples from the UK: Bell, A. (2022). The Law Society. @Thelawsociety; The Law Society.
4 - US Fed fines Deutsche Bank $186 million for slow progress against money laundering. (2023, July 19).
10 - The Wolfsberg Group Statement on Effective Monitoring for Suspicious Activity. (2023, January 1).