European Sustainability Reporting Standards (ESRS) / ESG regulation / The Sarbanes-Oxley Act

How to Prepare for the New EU AML Directive (5AMLD)

Matt Taylor, Managing Director Risk and Compliance, Protiviti UK

On May 14, the European Parliament and Council formally adopted the fifth and latest update to the European Union’s Anti-Money Laundering Directive (5AMLD). Member states will have up to 18 months to transpose the new requirements into national law, beginning 20 days after the publication of the final text in the Official Journal of the European Union.

The new legislation builds on existing laws established under 4AMLD in 2015, and is an effort to adapt to a broad range of emerging threats facing the EU AML framework — including terrorist threats, anonymous offshore bank accounts and virtual currency.

Major changes include the expansion of AML requirements to include virtual currencies, information sharing among financial intelligence units (FIUs), enhanced beneficial ownership transparency, and public access to company registers through a new centralized bank account registration and retrieval system.

Protiviti published a detailed analysis of the pending changes in February and has updated that report now that the changes have been finalized. The new report outlines the final changes, along with recommended preparations, for all banks and other businesses handling financial transactions within the EU (“obliged entities”) under 5AMLD.

Below is a summary of the changes:

  • Virtual currencies included — In order to mitigate the risks associated with the anonymity of virtual currencies and potential misuse for criminal purposes, the scope of the directive has been broadened to include all persons and entities engaged in exchange services between virtual currencies and fiat currencies, as well as custodian wallet providers. FIUs are expected to obtain, or must be provided, information enabling them to identify the owners of virtual currency.
  • Prepaid cardholder reporting threshold lowered — Financial institutions are now required to identify holders of prepaid cards valued at 150 euros or more (down from a previous threshold of 250 euros).
  • Beneficial ownership reporting — 5AMLD establishes an 18-month deadline for member states to establish corporate beneficial-ownership registers required by 4AMLD (20 months for trusts) and requires member states to verify the accuracy and reliability of those registers.
  • Information sharing with FIUs — To simplify regulatory access to information on account holders, member states must establish centralized bank account registers and make that information available to FIUs in a searchable and unfiltered manner.
  • Enhanced due diligence (EDD) — Member states must apply a specific list of EDD measures for transactions involving certain high-risk third countries and sectors with known deficiencies in their AML regimes.

While obliged entities may still be adjusting to the requirements stemming from 4AMLD, the expanded scope of entities covered by the new 5AMLD, plus the additional new requirements for firms already covered, will necessitate further changes in organizations’ AML programs. For a more detailed analysis of 5AMLD changes and our recommendations on how to prepare, read our Flash Report, available for download on the Protiviti website.

Erin Gavin, a senior manager with Protiviti’s Risk and Compliance practice in the UK, contributed to this content.

Add comment