EU clarifies MLD4 for branches and subsidiaries
28 June 2019
The latest supplement to the fourth money laundering directive provides more clarity for firms with overseas branches or majority-owned subsidiaries. Those in scope have until September to align their policies and procedures to the latest regulatory requirements.
The EU Commission published a Delegated Regulation last month on regulatory technical standards. The document outlined the minimum action and additional measures credit and financial institutions should take to mitigate money laundering and terrorist financing risks in certain third countries.
The regulation came into effect on 3rd June 2019 and will apply from 3rd September 2019, allowing credit and financial institutions enough time to align their policies and procedures to the latest regulatory requirements.
Under MLD4, firms are already required to have group-wide policies and procedures for anti-money laundering and countering terrorist financing. The directive explains that where firms have branches or subsidiaries in third countries and the law does not allow implementation of group policies, they should employ ‘additional measures’ to handle these risks.
The recent EU update gives more information on what these ‘additional measures’ are, including the following:
- Assessing the money laundering and terrorist financing risks potentially targeting a group. The assessment must be recorded, kept up to date and easily accessible should there be a need to share it with competent authorities.
- Accurately reflecting risks relating to money laundering and terrorist financing in the group wide AML policies and procedures.
- Seeking senior management approval at group level for both points 1 and 2.
- Providing tailored and effective training to staff in the third country to help them identify risks from money laundering and terrorist financing.
There is particular guidance for firms operating in jurisdictions with data laws which prohibit or restrict this kind of reporting. If this applies to you, you must ensure that you inform the competent authority of your home member state (for example the FCA in the UK) as soon as possible with the name of the third country concerned. This must be within 28 days and include the following elements:
- An explanation detailing how the implementation of the third country’s local laws prohibit or restrict the application of policies and procedures necessary to mitigate the ML and TF risks potentially associated with a customer.
- A rationale explaining how the implementation of the third country’s law prohibits or restricts the sharing or processing of customer data to address ML and TF requirements.
- A narrative detailing how the implementation of the third country’s law prohibits or restricts the sharing of information relating to suspicious transactions. The firm’s senior management should be aware of such risk exposure to enable them to assess the ML and TF risks associated with the branch or majority-owned subsidiary.
Where possible, credit and financial institutions with third country branches and majority owned subsidiaries should obtain consent from their customers and where appropriate the beneficial owners to overcame local law prohibitions / restrictions to such extent that this is still compatible with the third country’s laws.
Complying with the Fourth Money Laundering Directive
Your group wide policies and procedures as well as AML risk assessments should consider money laundering and terrorist financing risks applicable to branches and majority owned subsidiaries located in third countries. Enhanced checks should reflect the money laundering and terrorist financing risks faced locally and in line with group policies and procedures, ensuring that relevant risks are identified, assessed and mitigated appropriately. You must also ensure that third country branches and majority owned subsidiaries have effective systems and controls in place to identify suspicious transactions.
There are clear guidelines for those who can’t effectively manage the money laundering and terrorist financing risks by applying these additional EU measures. The branch or majority-owned subsidiary should exit such business relationships and no further transactions take place.
You must be able to demonstrate to the competent authorities, on a risk-based approach, that you’ve taken additional measures that are proportionate to the money laundering and terrorist financing risks you face.