The EU is going to revise its fourth money laundering directive by means of a fifth. In the second half of our article on the subject, we look at its 'crypto' policy, its obsession with tracing every transaction in real time, and FIU powers.

Although it does not admit it, the EU itself is fighting a desperate campaign to track and regulate every cash transaction. It published a proposal to place restrictions on cash payments, in an Inception Impact Assessment, on 23 January. In some countries in northern Europe, such as France and Sweden, the 'war on cash' is official policy and the EU is an enthusiastic supporter. Its desire to ensure that no transaction goes unobserved by the state explains both its misgivings about Bitcoin and its hostility to cash.

The EU says that if criminals use cryptocurrencies excessively, they will eventually make those currencies less attractive to legitimate users and will undermine them. The EU’s antidote to this problem is to intervene and clean ‘cryptos’ up. It seems probable that the volume of legitimate trades in virtual currencies (as in fiat currencies) outweighs the volume of illegitimate ones, which ought to help them thrive in future. However, the burden of regulation (and the associated costs of installing and developing compliance systems and controls) will probably make legitimate exchanges a less appealing route for anyone who wants to sell virtual currencies because of the high fees they will have to pay.

Quotation 4: “Member States shall put in place automated centralised mechanisms, such as central registries or central electronic data retrieval systems, which allow the identification, in a timely manner, of any natural or legal persons holding or controlling payment accounts.”

Article 32a of MLD V will, if passed in its present form, add something completely new to the EU’s crusade against money laundering, ordering the European Commission to publish a report by June 2019 in which it outlines its specifications for a central register of all bank account holders. The EU’s draftsmen knew that the public would not like the idea of MLD V insisting on every account being listed, so they tried to make it inevitable by implication. The article calls for the listing of the beneficial owner(s) of all accounts so, logically, this means that every account will have to be listed as an incidental by-product of this rule.

The article also calls on the European Commission to provide other organs of the EU with a ‘legislative proposal,’ whatever form that might take. The passage of MLD V, therefore, is unlikely to mark the end of change in this round of legislation. The EU’s central regulators might also publish ‘regulatory technical standards’ or RTSs at any and every stage.

MLD V, then, seems destined to place a great burden on firms. At this stage of its development, it calls on every firm to provide:

• for the account holder, i.e. the customer, and any person purporting to act on his/its behalf: his/its name, complemented by the other identifying data required by article 13(1)(a) and any additional national requirements, or a unique identifying number;
• for the beneficial owner of the account holder: the name, complemented by the other identifying data required by MLD V, or a unique identification number;
• for the bank or payment account: the IBAN number and the date of account opening and closing; and
• for any safe deposit box: the name and the duration of the lease period.

This provokes a number of interesting thoughts. The intention behind this is to identify ultimate beneficial owners (UBOs). It will, by default, also compel each firm to hand over lists of all the accounts it holds. This data will, in itself, be useful in helping every FIU in every EU state find out how large every one of its firms is.

The current wording of MLD V also states that firms will have to provide an IBAN number for each account, thereby missing the fact that the majority of payment accounts use pooled client accounts as opposed to unique IBAN numbers. This is, however, a first draft and technicalities such as this one will no doubt be ironed out over time.

Firms will be burdened with the task of updating this information regularly. Moreover, the form and method of collecting and uploading this data might be a problem. Will they be required to provide full details of chains of ownership (a notoriously hard task) or just provide data about ultimate beneficiaries? Firms that do not hold this data in digital form (or perhaps only in PDFs or organisational charts in Word documents) will struggle to transmit it at all and may have to conduct ‘remediation exercises’ to make it useable electronically.

Articles 32b and 32c propose the introduction of a register of land ownership in every EU country. This is not novel in the UK but will be in many EU countries. Indeed, some EU countries (such as Austria, Belgium and Croatia) have not even set up the registries of beneficial ownership that MLD IV required them to open before 26 June. Articles 32b and 32c also propose that every EU state should set up a register of all holders of life insurance products.

For those compliance officers involved in, or who remember setting up, reporting in accordance with the European Market Infrastructure Regulation, the big worry will be the way in which the authority that receives this data handles mismatches and discrepancies, which themselves will be caused by firms’ different approaches to CDD and the times at which they verify that data.

Quotation 5: “By the end of 2017, the [European] Commission shall draw up a report on the member-states' FIUs powers and obstacles to co-operation.”

Although the authors of MLD V have expressed a desire for FIUs to share more information with one another, its main theme is that of forcing financial institutions and corporations to hand over more financial information to governments.

Having once stood up in court and attested to the validity of evidence which was some six months out of date, I can confirm that the cross-border sharing and collection of data by various financial intelligence units across Europe is a patchy and sometimes messy process.

The problem, according to the EU, stems from FIUs having “a lack of prescriptive international standards and significant differences as regards their functions, competencies and power.” The EU, therefore, aims to impose on FIUs its own standardised set of rules by which they must share data, superseding the various bilateral agreements they have with one another. It also wants to tap into the reservoir of data that national regulators have on the officers of financial and other firms and to oblige them to hand it over to each other and to the police quickly and without impediment.

The prime way of doing this is to make sure that registries of relevant data are accessible – not least to any EU-wide FIU that may be waiting in the wings – on a “need to know basis.” The phrase “need to know” certainly leaves access open to such an FIU, as nothing could be said to be more needy of an FIU’s information than another FIU. The EU certainly has a plan for a central version of Companies House with FIUs – although not the public – being able to access it. If and when it comes into being, it might contain even more information than Companies House, such as the names and addresses of officers of financial firms culled from regulatory databases, along with copies of identifying documents and organisational structures. If the EU wanted to look up someone’s information on this database, it would be able to do so without his knowledge.

At the same time, MLD V proposes to make beneficial ownership information about corporations, trusts, trust-like structures and other entities available to the general public. This information, however, is likely to be less voluminous than that on the central secret Companies House-style database. It is likely to contain the addresses of service companies but no ‘validation.’

Finally, MLD V says that it is “important to allow financial and credit institutions to exchange information, not only between group members but also other financial and credit institutions, provided that data protection is ensured.”

This may benefit banks when they investigate flows of illicit funds because it might help them to trace and investigate the sources of people’s wealth more easily.

The legal provisions and technicalities that will govern these registers and the sharing of data have, so far, not materialised. However, the General Data Protection Regulations (GDPR) is a few months away. This enormous piece of legislation might dictate that much of the data that banks want to share with each other for AML purposes should also be shared with the relevant data subjects upon request. Many different people might therefore ask this-or-that firm for the same data at the same time, or at different times, so financial firms should take note of this and invest heavily in their data hygiene and storage capacity, the better to manipulate the data on request. Their regulators may soon require them to hand such data over regularly.

* Michael Southgate can be reached on +44 28 9042 5451 or at michael.southgate@fscom.co.uk