While this is by no means an exhaustive list (requirements will be specific to each individual organisation and jurisdiction), there are some key actions financial institutions need to take to drive compliance:
Ownership transparency: In-scope entities must be aware of any requirements to submit beneficial ownership information to the centralised e-justice registry. For accurate submission to take place, KYC records should be complete, in-date and include up-to-date beneficial ownership information.
Action: Conduct an impact assessment to identify any gaps in beneficial ownership information within KYC records and ensure processes are in place to update national centralised registries where required. Where centralised information is available, assess how this can be obtained automatically to accelerate AML and onboarding tasks. You can search for company information on the centralised registry here.
Transparency of trusts: Under 5AMLD, competent authorities or those with a legitimate interest will be able to access the beneficial ownership information of trusts with no restriction. Where a trust is a beneficial owner of a company it will be possible to access the same degree of information as above through a written request.
Action: Ensure your teams are aware of the new rules in relation to trusts and put in place procedures to ensure that such beneficial ownership information is gathered and reviewed during the due diligence process.
Crypto Currencies:5AMLD extends AML requirements to all entities involved in exchange services between virtual currencies and cash, including those providing custodian wallets, tax related services and traders in works of art.
Action: Virtual currency exchange platforms will now need to adopt the regulatory framework set out under 5AMLD. Such entities must have policies and procedures in place to ensure effective client identification & verification, client due diligence standards, transaction monitoring and suspicious activity reporting.
Pre-paid Cards: 5AMLD requires that financial institutions identify the owners of pre-paid cards valued at 150 Euros or above.
Action: Asses the ability to detect pre-paid card transactions and prevent those transactions linked to a pre-paid card for which the owner is unidentified or considered to be high risk.
Improved cooperation with the ECB: Under 5AMLD member states should implement centralised bank account registers to enable the identification of bank and payment account holders. Financial Investigation Units (FIUs) can request information from all in-scope entities in relation to specific bank accounts.
Action: Ensure that your teams are adequately trained both in the new requirements and in data privacy law to ensure they can respond accurately and confidently, without risk of confidentiality breaches.
High risk country assessment: All in-scope entities should adopt the revised EU list of high-risk countries. Further detail can be found here.
Action: Review all KYC and risk rating processes and systems to ensure they accommodate any additional high risk (Enhanced due diligence) checks that may be required.