This book aims to provide a first critical comment of the changes introduced by the new Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering (ML) or terrorist financing (TF) (the Fourth anti-money laundering/counter terrorism financing (AML/CFT) Directive),¹ amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (the Third AML/CFT Directive).²

Fortunately, it has been gaining increasing awareness of the need to combat, through appropriate provisions, the criminal phenomenon of ML, which is assuming ever larger dimension³ capable of threatening the stability of the global financial system:⁴ as has been authoritatively stated, “effective anti-money laundering and combating the financing of terrorism regimes are essential to protect the integrity of markets and of the global financial framework as they help mitigate the factors that facilitate financial abuse.”⁵

In the “Europeanisation” of the fight against crime within the EU area of freedom, security, and justice,⁶ the new EU Directive represents a further step towards the setting up of common rules, methods, and practices⁷ for combating crimes which, if not properly prevented and punished, can lead to consequences of subverting the proper functioning of financial markets.

The new regulatory framework welcomes the risk-based approach (RBA): it acknowledges that the levels and types of action required to be taken by Member States, supervisors, and firms will differ according to the nature and severity of risks in particular jurisdictions and sectors, clarifying the types of situations in which simplified customer due diligence (CDD) will be appropriate, as well as those situations where it is necessary for firms to conduct enhanced checks.

We have new rules concerning the extended definition of politically exposed persons—PEPs (here is clarified that enhanced due diligence will always be appropriate where transactions involve PEPs), inclusion of tax crimes as predicate offences, national- and Europe-wide risk assessments, reinforcement of sanctioning powers and requirements to coordinate cross-border action, lower exemptions for one-off transactions and expansion of the perimeter, meet new requirements on beneficial ownership information, increase transparency by requiring companies and trusts to hold information on their beneficial ownership, and make this information available to supervisors and parties conducting due diligence on them.

In this book, Chap. 2 explains the changes to the current EU AML/CFT requirements on CDD, increasing the emphasis on the RBA. The new design is motivated by the changing nature of ML and TF threats: facilitated by the constant evolution of technology and of the means at the disposal of criminals, the variables associated with ML/TF risks are such that it is impossible to sketch a single regulatory taxonomy and to impose a “one size fits all” solution. Thus, the idea is to affirm a model where obliged entities have to understand the ML and TF risks they face and adopt the most cost-effective and proportionate way to manage and mitigate them, calibrating adequate countermeasures.

By illustrating the new set of CDD requirements, describing how the new architecture would work, Chap. 2, in particular, emphasises that obliged entities should take appropriate steps to identify and assess the risks of ML and TF, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions, or delivery channels. Those steps must be proportionate to the nature and size of the obliged entities. Obliged entities should also have in place policies, controls, and procedures to mitigate and manage effectively these risks of ML and TF.

The broad objective is that obliged entities should know who their customers are, what they do, and whether or not they are likely to be engaged in criminal activity. In this respect, obliged entities must decide, on the basis of their assessment of the risks posed by different customer/product combinations, on the level of verification that should be applied at each level of risk presented by the customer. Thus, according to the risk level, obliged entities have to decide whether to apply simplified, normal, or enhanced due diligence controls. Public authorities will support the private sector in applying the RBA with a risk assessment conducted both at national and at supranational level in order to identify major risks that pose a threat to single Member States as well as to the Internal Market as a whole and to elaborate adequate policies and countermeasures. In parallel, these findings will be made available to obliged entities to help them conduct their own risk assessment.

Chapter 3 deals with the regulation of beneficial ownership assessment, as part of the new “customer due diligence” duties set forth by the Fourth EU AML Directive. After a discussion on the relevance of identifying the actual owner behind legal and corporate schemes, so as to overcome some of the most common “layering” and “placement” laundering techniques, it focusses on the provisions embodied in the Financial Action Task Force (FATF) Recommendations, comparing the 2003 edition and the revision occurred in 2012 (and all the related interpretative documents), which concern not only the definition of beneficial ownership but also the performance of CDD duties in this regard: the main point of interest is the new “progressive approach” in ascertaining actual owners of the schemes. With reference to the European legislation, Chap. 3 describes how the FATF Recommendations (2003 ed.) have been implemented by the European legislator under the repealed Third Directive in 2005, with brief reference to some Member States’ national implementing measures. As far as the Fourth EU AML Directive is concerned, the new provisions on beneficial ownership are described, with a special emphasis on the new disclosure requirements aimed at providing public bodies and to the business community as a whole, especially by means of the reporting of data disclosed in a “central public register,” so as to strengthen the public supervision and to ease the CCD duties’ performance. In the end, it discusses the main options for national legislators regarding the implementation of the new beneficial ownership legislation, with a view to possible changes in the role of central business registers.

Chapter 4 faces with the relevant problem of supervision of payment institutions that operate across borders by agents. In fact, most Member States result host some agents operating on a European passport under the EU Payment System Directive (PSD); a large number of Member States act as the home regulator for cross-border payment institutions. Risks associated with the money transfer sector, especially operating through agents, are considered very high.

In this framework, various criminal investigations found out that the money transfer networks are misused for ML purposes or for TF purposes by criminal organisations. Payment System (PS) agents, whenever they are not financial institutions, are considered as presenting an inherent ML/FT high risk, due to their absence of control mechanisms in terms of the prevention of AML/CFT on the overwhelming number of agents operating in these conditions (gas stations, subway stations, supermarkets).

In EU Member States, there have been reported some cases of countries where the requirement of a central contact point (CCP) has been set up by their national legislation. From this new system of rules derive various problems related to the supervision of the money services agents. For example, a very relevant issue concerns which jurisdiction’s (home or host) AML/CFT law should apply when such delegated inspections took place.

We would need—just to avoid reduced competition between the laws of the Member States in the implementation of the new EU Directives—as fast as possible harmonisation of procedures for the supervision of payment institutions by agents. It will be a crucial common approach to the regulation of cross-border PS agents within Europe at present, to counter the risk of violation domestic law and distortion of competition within a local market because of uncontrolled AML/CFT measures by using a huge network of agents. The justified interests of the PS industry to get predictable regulatory conditions need a “standardised” and uniform regulatory approach.

Chapter 5 details a new strategy of risk-based regulation introduced by the Fourth EU AML Directive—risk assessment—structured on three levels: the supranational/EU level (Article 6), the national level (Article 7), and the obliged entities’ level (Article 8). These levels are linked to and fed by each other in a dynamic way, even though a supremacy role is attributed, to some extent, to the European Commission. More specifically, the European Commission is entitled to (a) prepare a risk assessment report, also on the basis of European Supervisory Authorities (ESAs’) opinion, Member States’ and obliged entities’ information, and international organisations’ report; (b) recommend the Member States to adopt specific measures with a “comply-or-explain” mechanism; and (c) individuate high-risk third countries and adopt the relevant measures to avoid AML/CFT policies be jeopardised. The Member States are entitled to (a) designate an authority or establish a coordinating mechanism to address ML; (b) carry out periodical risk assessments; and (c) identify any areas where obliged entities are to apply enhanced measures and, where appropriate, specifying the measures to be taken. The obliged entities have to conduct their own risk assessments and adopt the relevant AML/CFT policies.

Moreover, the Fourth EU AML Directive boosts the international cooperation. More specifically, all involved institutions are called to act jointly to achieve common AML/CFT objectives and Member States are called to supervise on and ensure AML/CFT compliance of obliged entities, regardless to where such obliged entities operate their establishments. Finally, the new EU Directive gives some guidance on the relations between data protection and risk assessment and on the accuracy of statistics. Actually, only accurate, precise, and updated statistical data may lead to credible risk assessments. Risk assessment is to be welcomed since it may significantly boost AML/CFT policies. However, flows of information are useful only when they are well selected and, above all, when policies really take place. In this regard, recent experiences teach that a lot is yet to be done.

Chapter 6 faces to tax crimes inclusion in “criminal activity” definition as relevant for AML purposes. The main category of predicate offences from which ML arise is related to tax crimes. They are money evaded from the State balance, saved and hidden by those who do not pay taxes. It is easy to understand how this situation affects severally the economy of the States, already weakened by European sovereign debt crisis that has been taking place in the EU since the end of 2009. On the basis of these considerations, the EU Member States have felt the need to combat ML with any tools. Already in its 12 February 2012 Recommendations, FATF-GAFI included expressly Tax crimes in the category of predicate offences in order to extend the application field of Anti-Money Laundering Law.

The 2012 April Paper from the European Commission proposed to examine if the current approach of use of “all serious offences” could be sufficient to include also tax crimes or if they should be included in the specific category of “serious offences” according to art. 3, n. 5 or if it would be better to give a more precise definition of tax crimes. The solution chosen by Directive IV is the second one such as the inclusion of tax crimes in a specific category of “serious offences” to art. 3, n. 4 letter f. The new EU Directive includes tax offences in the range of predicate offences that qualify criminal activity, such as to constitute the basis of ML.

The Directive IV highlights that “tax crimes” relating to direct and indirect taxes includes tax crimes in the broad definition of “criminal activity,” in line with the revised FATF Recommendations. Given that different tax offences may be designated in each Member State as constituting “criminal activity,” national law definitions of tax crimes may diverge. While no harmonisation of the definitions of tax crimes in Member States’ national law is sought, Member States should allow, to the greatest extent possible under their national law, the exchange of information or the provision of assistance between EU Financial Intelligence Units (FIUs).

The tax crimes inclusion in the definition of criminal activity is undoubtedly an important innovation of the Fourth Directive, especially considering that the most part of ML arise from tax crimes activities. The entry into force of the new joint European standards raises a crucial information asset of European states contributing to the international fight against tax evasion.

Chapter 7 considers the effects of new rules on gambling sector. Article 2 of the Fourth EU AML Directive clearly specifies that it applies not only to casinos, already affected by the previous Directive, but also to “providers of gambling services,” including those online. In fact, unlike the Third Directive which generically referred to casinos without giving a specific definition of them, Article 3, paragraph 14 of this Directive defines “gambling services” as those services which involve wagering a stake with monetary value in games of chance, including those with an element of skill such as lotteries, casino games, poker games, and betting transactions that are provided at a physical location, or by any means at a distance, by electronic means or any other technology for facilitating communication, and at the individual request of a recipient of services.

The approach of the new Directive is always based on risk—that is, the nature of the relationship, constant monitoring, and detection of suspicious transactions—although this approach presents major difficulties for its application in the field of gambling, since it presupposes a knowledge of the player which it is not comparable to that possessed by credit institutions and/or financial institutions in general.

However, the European legislator took into account the specificities of this activity, allowing the appropriate supervision that the Member State will decide to apply to public gambling, in particular, for transactions amounting to EUR 2000 or more, without providing, however, any exemption for casinos. The goal, in fact, is to have an impact again on the obligations to conduct CDD, having considered it necessary to increase the clarity and transparency of the related rules in order to have adequate controls and procedures to enable a better knowledge of the customer and greater understanding of the nature of the activities performed by him.

The Directive therefore extends the scope of the obligation to apply appropriate CDD also to all the entities offering goods or providing services against payment in cash of amounts of EUR 15,000 or more, as well as to operators of public gambling who conduct financial transactions amounting to over EUR 2000,...