The New AML World – What Financial and Non-financial Institutions Should Do | EU

Since the 4th AML Directive came into force, all EU-based entities considered to be obliged institutions have started to wrestle with the increasingly complex regulatory requirements aimed at counteracting fraud, money laundering and terrorist financing.

Now, more than ever, AML/CFT regulations can be considered as a true showcase of the ever-changing world of financial regulations. This is due to a plethora of reasons, the most important ones including separate regulations for AML/CFT at the national and EU level, a multitude of local and European supervisory authorities creating additional regulatory frameworks that must be observed by the affected institutions, as well as the close connection between AML/CFT regulations and other new financial regulations imposing other new anti-fraud obligations. What does all this mean in practice for affected institutions now and in the near future?

European regulations have been consistently aiming for centralisation at the EU level for many years. In order to avoid regulatory divergence, the European Commission intends to introduce the so-called AML Package – a rather complex set of AML/CFT rules aimed at strengthening the anti-fraud requirements in individual EU countries. Meanwhile, organising the institutional system for counteracting money laundering and terrorist financing at the national level will be left to the EU directives.

This will include the establishment of an entirely new EU supervisory authority with strong competence in the AML/CFT area and stricter supervision of the obliged institutions across the EU, as well as entirely revised versions of the already existing obligations on, say, the transfer of crypto-assets or aspects of due diligence.

The likely practical consequences of implementing the EU AML Package include impact on the local AML regulations, inevitable changes to the internal documentation of obliged entities (probable changes include internal procedures, whistle-blowing procedures and AML/CFT due diligence-related documents) and – with this – additional costs for financial institutions and changes in the approach of supervisory authorities, the impact of which is already well known to financial entities struggling with highly restrictive AML/CFT requirements.

Recent years have not been kind in the context of new threats in the ML/TF area to which obliged institutions, particularly financial sector entities, must pay attention. The effects of technological changes in the areas of, among others, AI, the war in Ukraine and the recent pandemic, and the newly invented methods of laundering money and financing terrorism that have come with these, have energised European supervisory authorities and international organisations working on AML/CFT-related obligations to develop new foundations for the obliged institutions.

For example, the EBA is now preparing another approach to regulate new financial services related to crypto-assets. As a result, there will be new risk factors for cryptographic service providers, as well as new risk-identification measures that these entities should take into account in their activities. In recent months, the FATF has also been as active as ever, publishing new guidance on the beneficial ownership of legal persons, and a targeted update on the implementation of the FATF standards on virtual assets and virtual asset service providers. These and other regulatory novelties further strengthen the need for obliged entities to review their AML/CFT-related strategies, including risk assessment documents and due diligence protocols.

Money-laundering and terrorist-financing schemes have become increasingly sophisticated over the years, requiring obliged institutions to act more efficiently in the area of AML/CFT. Further enormous investments made by banks to improve their AML/CFT strategies prove this point, with billions spent each year in an attempt to combat the ever-changing world of financial crime.

As such, AI – with its potential for efficiency and accuracy, for example, in the area of transaction monitoring or searching for cases of suspicious circumstances, effectively replacing traditional scenario-based approaches to counter fraud – may soon become not only a useful tool, but a necessity.

The first global suppliers (eg, Google) are already entering the AI market, enabling the detection of suspicious money-laundering activities more quickly and more precisely than traditional methods, although this naturally involves a catch. AML/CFT solutions are being considered, for example, under the EU AI Regulation, which recognises certain products or services as potentially dangerous for use in public institutions.

The AML/CFT regulations can be described in one sentence – they are a work in progress. The coming months will bring not only intensified work on the EU AML Package, which will introduce many new obligations for obliged institutions, but also changes resulting from ESG, DORA, MiCA and AI regulations, which are not unrelated to AML/CFT. One should definitely not forget that mistakes/insufficiencies in the field of AML can lead not only to sanctions and financial repercussions, but also to international bad press.