Artikelen bij COM(2021)420 - Voorkoming van het gebruik van het financiële stelsel voor witwassen of terrorismefinanciering

Dit is een beperkte versie

U kijkt naar een beperkte versie van dit dossier in de EU Monitor.


Inhoudsopgave

CHAPTER I - GENERAL PROVISIONS

Section 1 - Subject matter and definitions


Article 1 - Subject matter

This Regulation lays down rules concerning:

(a)the measures to be applied by obliged entities to prevent money laundering and terrorist financing;

(b)beneficial ownership transparency requirements for legal entities and arrangements;

(c)measures to limit the misuse of bearer instruments.

Article 2 - Definitions

For the purposes of this Regulation, the following definitions apply:

(1)‘money laundering’ means the conduct as set out in Article 3, paragraphs 1 and 5 of Directive (EU) 2018/1673 including aiding and abetting, inciting and attempting to commit that conduct, whether the activities which generated the property to be laundered were carried out on the territory of a Member State or on that of a third country. Knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances;

(2)‘terrorist financing’ means the conduct set out in Article 11 of Directive (EU) 2017/541 including aiding and abetting, inciting and attempting to commit that conduct, whether carried out on the territory of a Member State or on that of a third country. Knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances;

(3)‘criminal activity’ means criminal activity as defined in Article 2(1) of Directive (EU) 2018/1673, as well as fraud affecting the Union’s financial interests as defined in Article 3(2) of Directive (EU) 2017/1371, passive and active corruption as defined in Article 4 (2) and misappropriation as defined in Article 4(3), second subparagraph of that Directive;

(4)‘property’ means property as defined in Article 2(2) of Directive (EU) 2018/1673;

(5)‘credit institution’ means a credit institution as defined in Article 4(1), point (1) of Regulation (EU) No 575/2013 of the European Parliament and of the Council 42 , including branches thereof, as defined in Article 4(1), point (17) of that Regulation, located in the Union, whether their head office is situated within the Union or in a third country;

(6)‘financial institution’ means:

(a)an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council 43 , including the activities of currency exchange offices (bureaux de change), or the principal activity of which is to acquire holdings, including a financial holding company and a mixed financial holding company;

(b)an insurance undertaking as defined in Article 13, point (1) of Directive 2009/138/EC of the European Parliament and of the Council 44 , insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g) of Directive 2009/138/EC;

(c)an insurance intermediary as defined in Article 2(1), point (3) of Directive (EU) 2016/97 of the European Parliament and of the Council 45 where it acts with respect to life insurance and other investment-related services;

(d)an investment firm as defined in Article 4(1), point (1) of Directive 2014/65/EU of the European Parliament and of the Council 46 ;

(e)a collective investment undertaking, in particular:

(i) an undertaking for collective investment in transferable securities as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1)(b) of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;

(ii) an alternative investment fund as defined in Article 4(1)(a) of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1)(b) of that Directive that fall within the scope set out in Article 2 of that Directive;

(f)branches of financial institutions as defined in points (a) to (e), when located in the Union, whether their head office is situated in a Member State or in a third country;

(7)‘trust or company service provider’ means any person that, by way of its business, provides any of the following services to third parties:

(a)the formation of companies or other legal persons;

(b)acting as, or arranging for another person to act as, a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons;

(c)providing a registered office, business address, correspondence or administrative address and other related services for a company, a partnership or any other legal person or arrangement;

(d)acting as, or arranging for another person to act as, a trustee of an express trust or performing an equivalent function for a similar legal arrangement;

(e)acting as, or arranging for another person to act as, a nominee shareholder for another person;

(8)‘gambling services’ means a service which involves wagering a stake with monetary value in games of chance, including those with an element of skill such as lotteries, casino games, poker games and betting transactions that are provided at a physical location, or by any means at a distance, by electronic means or any other technology for facilitating communication, and at the individual request of a recipient of services;

(9)‘mortgage creditor’ means a creditor as defined in Article 4, point (2) of Directive 2014/17/EU of the European Parliament and of the Council 47 ;

(10)‘mortgage credit intermediary’ means a credit intermediary as defined in Article 4, point (5) of Directive 2014/17/EU;

(11)‘consumer creditor‘ means a creditor as defined in Article 3, point (b) of Directive 2008/48/EC of the European Parliament and of the Council 48 ;

(12)‘consumer a credit intermediary’ means a credit intermediary as defined in Article 3, point (f) of Directive 2008/48/EC;

(13)‘crypto-asset’ means a crypto-asset as defined in Article 3(1), point (2) of Regulation [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 - COM/2020/593 final] except when falling under the categories listed in Article 2(2) of that Regulation or not otherwise qualifying as funds;

(14)‘crypto-asset service provider’ means a crypto-assets service provider as defined in Article 3(1), point (8) of Regulation [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 - COM/2020/593 final] where performing one or more crypto-asset services as defined in Article 3(1) point (9) of that Regulation;

(15)‘electronic money’ means electronic money as defined in Article 2, point (2) of Directive 2009/110/EC 49 , but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;

(16)‘business relationship’ means a business, professional or commercial relationship which is connected with the professional activities of an obliged entity and which is expected, at the time when the contact is established, to have an element of duration, including a relationship where an obliged entity is asked to form a company or set up a trust for its customer, whether or not the formation of the company or setting up of the trust is the only transaction carried out for that customer;

(17)‘linked transactions’ means two or more transactions with either identical or similar origin and destination, over a specific period of time;

(18)‘third country’ means any jurisdiction, independent state or autonomous territory that is not part of the European Union but that has its own AML/CFT legislation or enforcement regime;

(19)‘correspondent relationship’ means:

(a)the provision of banking services by one credit institution as the correspondent to another credit institution as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable-through accounts and foreign exchange services;

(b)the relationships between and among credit institutions and financial institutions including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or funds transfers;

(20)‘shell bank’ means a credit institution or financial institution, or an institution that carries out activities equivalent to those carried out by credit institutions and financial institutions, incorporated in a jurisdiction in which it has no physical presence, involving meaningful mind and management, and which is unaffiliated with a regulated financial group;

(21)‘Legal Entity Identifier’ means a unique alphanumeric reference code based on the ISO 17442 standard assigned to a legal entity;

(22)‘beneficial owner’ means any natural person who ultimately owns or controls a legal entity or express trust or similar legal arrangement, as well as any natural person on whose behalf or for the benefit of whom a transaction or activity is being conducted;

(23)‘legal arrangement’ means an express trust or an arrangement which has a similar structure or function to an express trust, including fiducie and certain types of Treuhand and fideicomiso;

(24)‘formal nominee arrangement’ means a contract or a formal arrangement with an equivalent legal value to a contract, between the nominee and the nominator, where the nominator is a legal entity or natural person that issues instructions to a nominee to act on their behalf in a certain capacity, including as a director or shareholder, and the nominee is a legal entity or natural person instructed by the nominator to act on their behalf;

(25)‘politically exposed person’ means a natural person who is or has been entrusted with the following prominent public functions:

(a)in a Member State:

(i) heads of State, heads of government, ministers and deputy or assistant ministers;

(ii) members of parliament or of similar legislative bodies;

(iii) members of the governing bodies of political parties;

(iv) members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;

(v) members of courts of auditors or of the boards of central banks;

(vi) ambassadors, chargés d'affaires and high-ranking officers in the armed forces;

(vii) members of the administrative, management or supervisory bodies of State-owned enterprises;

(b)in an international organisation:

(i) the highest ranking official, his/her deputies and members of the board or equivalent function of an international organisation;

(ii) representatives to a Member State or to the Union;

(c)at Union level:

(i) functions at the level of Union institutions and bodies that are equivalent to those listed in points (a)(i), (ii), (iv), (v) and (vi);

(d)in a third country:

(i) functions that are equivalent to those listed in point (a);

(26)‘family members’ means:

(a)the spouse, or the person in a registered partnership or civil union or in a similar arrangement;

(b)the children and the spouses of, or persons in a registered partnership or civil union or in a similar arrangement with, those children;

(c)the parents;

(27)‘persons known to be close associates’ means:

(a)natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a politically exposed person;

(b)natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person;

(28)‘senior management’ means, in addition to executive members of the board of directors or, if there is no board, of its equivalent governing body, an officer or employee with sufficient knowledge of the institution's money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure;

(29)‘group’ means a group of undertakings which consists of a parent undertaking, its subsidiaries, and the entities in which the parent undertaking or its subsidiaries hold a participation, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU of the European Parliament and of the Council 50 ;

(30)‘cash’ means currency, bearer-negotiable instruments, commodities used as highly-liquid stores of value and prepaid cards, as defined in Article 2(1), points (c) to (f) of Regulation (EU) 2018/1672 of the European Parliament and of the Council 51 ;

(31)‘competent authority’ means:

(a)a Financial Intelligence Unit;

(b)a supervisory authority as defined under point (33);

(c)a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;

(d)a public authority with designated responsibilities for combating money laundering or terrorist financing;

(32)‘supervisor’ means the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including the Authority for anti-money laundering and countering the financing of terrorism (AMLA) when performing the tasks entrusted on it in Article 5(2) of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final];

(33)‘supervisory authority’ means a supervisor who is a public body, or the public authority overseeing self-regulatory bodies in their performance of supervisory functions pursuant to Article 29 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final];

(34)‘self-regulatory body’ means a body that represents members of a profession and has a role in regulating them, in performing certain supervisory or monitoring functions and in ensuring the enforcement of the rules relating to them;

(35)‘targeted financial sanctions’ means both asset freezing and prohibitions to make funds or other assets available, directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the basis of Article 29 of the Treaty on European Union and Council Regulations adopted on the basis of Article 215 of the Treaty on the Functioning of the European Union;

(36)‘proliferation financing-related targeted financial sanctions’ means those targeted financial sanctions referred to in point (35) that are imposed pursuant to Council Decision (CFSP) 2016/849 and Council Decision 2010/413/CFSP and pursuant to Council Regulation (EU) 2017/1509 and Council Regulation (EU) 267/2012.

Section 2 - Scope


Article 3 - Obliged entities

The following entities are to be considered obliged entities for the purposes of this Regulation:

(1)credit institutions;

(2)financial institutions;

(3)the following natural or legal persons acting in the exercise of their professional activities:

(a) auditors, external accountants and tax advisors, and any other natural or legal person that undertakes to provide, directly or by means of other persons to which that other person is related, material aid, assistance or advice on tax matters as principal business or professional activity;

(b) notaries and other independent legal professionals, where they participate, whether by acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning or carrying out of transactions for their client concerning any of the following:

(i) buying and selling of real property or business entities;

(ii) managing of client money, securities or other assets;

(iii) opening or management of bank, savings or securities accounts;

(iv) organisation of contributions necessary for the creation, operation or management of companies;

(v) creation, operation or management of trusts, companies, foundations, or similar structures;

(c) trust or company service providers;

(d) estate agents, including when acting as intermediaries in the letting of immovable property for transactions for which the monthly rent amounts to EUR 10 000 or more, or the equivalent in national currency;

(e) persons trading in precious metals and stones;

(f) providers of gambling services;

(g) crypto-asset service providers;

(h) crowdfunding service providers other than those regulated by Regulation (EU) 2020/1503;

(i) persons trading or acting as intermediaries in the trade of works of art, including when this is carried out by art galleries and auction houses, where the value of the transaction or linked transactions amounts to at least EUR 10 000 or the equivalent in national currency;

(j) persons storing, trading or acting as intermediaries in the trade of works of art when this is carried out within free zones and customs warehouses, where the value of the transaction or linked transactions amounts to at least EUR 10 000 or the equivalent in national currency;

(k) creditors for mortgage and consumer credits, other than credit institutions defined in Article 2(5) and financial institutions defined in Article 2(6), and credit intermediaries for mortgage and consumer credits;

(l) investment migration operators permitted to represent or offer intermediation services to third country nationals seeking to obtain residence rights in a Member State in exchange of any kind of investment, including capital transfers, purchase or renting of property, investment in government bonds, investment in corporate entities, donation or endowment of an activity to the public good and contributions to the state budget.

Article 4 - Exemptions for certain providers of gambling services

1.With the exception of casinos, Member States may decide to exempt, in full or in part, providers of gambling services from the requirements set out in this Regulation on the basis of the proven low risk posed by the nature and, where appropriate, the scale of operations of such services.

2.For the purposes of paragraph 1, Member States shall carry out a risk assessment of gambling services assessing:

(a)money laundering and terrorist financing vulnerabilities and mitigating factors of the gambling services;

(b)the risks linked to the size of the transactions and payment methods used;

(c)the geographical area in which the gambling service is administered.

When carrying out such risk assessments, Member States shall take into account the findings of the risk assessment drawn up by the Commission pursuant to Article 7 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

3.Member States shall establish risk-based monitoring activities or take other adequate measures to ensure that the exemptions granted pursuant to this Article are not abused.

Article 5 - Exemptions for certain financial activities

1.With the exception of persons engaged in the activity of money remittance as defined in Article 4, point (22) of Directive (EU) 2015/2366, Member States may decide to exempt persons that engage in a financial activity as listed in Annex I, points (2) to (12), (14) and (15), to Directive 2013/36/EU on an occasional or very limited basis where there is little risk of money laundering or terrorist financing from the requirements set out in this Regulation, provided that all of the following criteria are met:

(a)the financial activity is limited in absolute terms;

(b)the financial activity is limited on a transaction basis;

(c)the financial activity is not the main activity of such persons;

(d)the financial activity is ancillary and directly related to the main activity of such persons;

(e)the main activity of such persons is not an activity referred to in Article 3, point (3)(a) to (d) or (f);

(f)the financial activity is provided only to the customers of the main activity of such persons and is not generally offered to the public.

2.For the purposes of paragraph 1, point (a), Member States shall require that the total turnover of the financial activity does not exceed a threshold which shall be sufficiently low. That threshold shall be established at national level, depending on the type of financial activity.

3.For the purposes of paragraph 1, point (b), Member States shall apply a maximum threshold per customer and per single transaction, whether the transaction is carried out in a single operation or in several operations which appear to be linked. That maximum threshold shall be established at national level, depending on the type of financial activity. It shall be sufficiently low in order to ensure that the types of transactions in question are an impractical and inefficient method for money laundering or terrorist financing, and shall not exceed EUR 1 000 or the equivalent in national currency.

4.For the purposes of paragraph 1, point (c), Member States shall require that the turnover of the financial activity does not exceed 5 % of the total turnover of the natural or legal person concerned.

5.In assessing the risk of money laundering or terrorist financing for the purposes of this Article, Member States shall pay particular attention to any financial activity which is considered to be particularly likely, by its nature, to be used or abused for the purposes of money laundering or terrorist financing.

6.Member States shall establish risk-based monitoring activities or take other adequate measures to ensure that the exemptions granted pursuant to this Article are not abused.

Article 6 - Prior notification of exemptions

1.Member States shall notify the Commission of any exemption that they intend to grant in accordance with Articles 4 and 5 without delay. The notification shall include a justification based on the relevant risk assessment for the exemption.

2.The Commission shall within two months from the notification referred to in paragraph 2 take one of the following actions:

(a)confirm that the exemption may be granted;

(b)by reasoned decision, declare that the exemption may not be granted.

3.Upon reception of a decision by the Commission pursuant to paragraph 2(a), Member States may adopt the decision granting the exemption. Such decision shall state the reasons on which it is based. Member States shall review such decisions regularly, and in any case when they update their national risk assessment pursuant to Article 8 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

4.By [3 months from the date of application of this Regulation], Member States shall notify to the Commission the exemptions granted pursuant to Article 2(2) and (3) of Directive (EU) 2015/849 in place at the time of the date of application of this Regulation.

5.The Commission shall publish every year in the Official Journal of the European Union the list of exemptions granted pursuant to this Article.

CHAPTER II - INTERNAL POLICIES, CONTROLS AND PROCEDURES OF OBLIGED ENTITIES

SECTION 1 - Internal procedures, risk assessment and staff


Article 7 - Scope of internal policies, controls and procedures

1.Obliged entities shall have in place policies, controls and procedures in order to ensure compliance with this Regulation and in particular to:

(a)mitigate and manage effectively the risks of money laundering and terrorist financing identified at the level of the Union, the Member State and the obliged entity;

(b)in addition to the obligation to apply targeted financial sanctions, mitigate and manage the risks of non-implementation and evasion of proliferation financing-related targeted financial sanctions.

Those policies, controls and procedures shall be proportionate to the nature and size of the obliged entity.

2.The policies, controls and procedures referred to in paragraph 1 shall include:

(a)the development of internal policies, controls and procedures, including risk management practices, customer due diligence, reporting, reliance and record-keeping, the monitoring and management of compliance with such policies, controls and procedures, as well as policies in relation to the processing of personal data pursuant to Article 55;

(b)policies, controls and procedures to identify, scrutinise and manage business relationships or occasional transactions that pose a higher or lower money laundering and terrorist financing risk;

(c)an independent audit function to test the internal policies, controls and procedures referred to in point (a);

(d)the verification, when recruiting and assigning staff to certain tasks and functions and when appointing its agents and distributors, that those persons are of good repute, proportionate to the risks associated with the tasks and functions to be performed;

(e)the internal communication of the obliged entity’s internal policies, controls and procedures, including to its agents and distributors;

(f)a policy on the training of employees and, where relevant, its agents and distributors with regard to measures in place in the obliged entity to comply with the requirements of this Regulation.

The internal policies, controls and procedures set out in the first subparagraph, points (a) to (f) shall be recorded in writing. The senior management shall approve those policies controls and procedures.

3.The obliged entities shall keep the policies, controls and procedures up to date, and enhance them where weaknesses are identified.

4.By [2 years after the entry into force of this Regulation], AMLA shall issue guidelines on the elements that obliged entities should take into account when deciding on the extent of their internal policies, controls and procedures.

Article 8 - Risk assessment

1.Obliged entities shall take appropriate measures, proportionate to their nature and size, to identify and assess the risks of money laundering and terrorist financing to which they are exposed, as well as the risks of non-implementation and evasion of proliferation financing-related targeted financial sanctions, taking into account:

(a)the risk variables set out in Annex I and the risk factors set out in Annexes II and III;

(b)the findings of the supra-national risk assessment drawn up by the Commission pursuant to Article 7 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final];

(c)the findings of the national risk assessments carried out by the Member States pursuant to Article 8 of [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

2.The risk assessment drawn up by the obliged entity pursuant to paragraph 1 shall be documented, kept up-to-date and made available to supervisors.

3.Supervisors may decide that individual documented risk assessments are not required where the specific risks inherent in the sector are clear and understood.

Article 9 - Compliance functions

1.Obliged entities shall appoint one executive member of their board of directors or, if there is no board, of its equivalent governing body who shall be responsible for the implementation of measures to ensure compliance with this Regulation (‘compliance manager’). Where the entity has no governing body, the function should be performed by a member of its senior management.

2.The compliance manager shall be responsible for implementing the obliged entity’s policies, controls and procedures and for receiving information on significant or material weaknesses in such policies, controls and procedures. The compliance manager shall regularly report on those matters to the board of director or equivalent governing body. For parent undertakings, that person shall also be responsible for overseeing group-wide policies, controls and procedures.

3.Obliged entities shall have a compliance officer, to be appointed by the board of directors or governing body, who shall be in charge of the day-to-day operation of the obliged entity’s anti-money laundering and countering the financing of terrorism (AML/CFT) policies. That person shall also be responsible for reporting suspicious transactions to the Financial Intelligence Unit (FIU) in accordance with Article 50(6).

In the case of obliged entities subject to checks on their senior management or beneficial owners pursuant to Article 6 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final] or under other Union acts, compliance officers shall be subject to verification that they comply with those requirements.

An obliged entity that is part of a group may appoint as its compliance officer an individual who performs that function in another entity within that group.

4.Obliged entities shall provide the compliance functions with adequate resources, including staff and technology, in proportion to the size, nature and risks of the obliged entity for the implementation of compliance functions, and shall ensure that the powers to propose any measures necessary to ensure the effectiveness of the obliged entity’s internal policies, controls and procedures are granted to the persons responsible for those functions.

5.The compliance manager shall submit once a year, or more frequently where appropriate, to the governing body a report on the implementation of the obliged entity’s internal policies, controls and procedures, and shall keep the management body informed of the outcome of any reviews. The governing body shall take the necessary actions to remedy any deficiencies identified in a timely manner.

6.Where the size of the obliged entity justifies it, the functions referred to in paragraphs 1 and 3 may be performed by the same natural person.

Where the obliged entity is a natural person or a legal person whose activities are performed by one natural person only, that person shall be responsible for performing the tasks under this Article.

Article 10 - Awareness of requirements

Obliged entities shall take measures to ensure that their employees whose function so requires, as well as their agents and distributors are aware of the requirements arising from this Regulation and of the internal policies, controls and procedures in place in the obliged entity, including in relation to the processing of personal data for the purposes of this Regulation.

The measures referred to in the first subparagraph shall include the participation of employees in specific, ongoing training programmes to help them recognise operations which may be related to money laundering or terrorist financing and to instruct them as to how to proceed in such cases. Such training programmes shall be duly documented.

Article 11 - Integrity of employees

1.Any employee of an obliged entity entrusted with tasks related to the obliged entity’s compliance with this Regulation and Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final] shall undergo an assessment approved by the compliance officer of:

(a)individual skills, knowledge and expertise to carry out their functions effectively;

(b)good repute, honesty and integrity.

2.Employees entrusted with tasks related to the obliged entity’s compliance with this Regulation shall inform the compliance officer of any close private or professional relationship established with the obliged entity’s customers or prospective customers and shall be prevented from undertaking any tasks related to the obliged entity’s compliance in relation to those customers.

3.Obliged entities shall have in place appropriate procedures for their employees, or persons in a comparable position, to report breaches of this Regulation internally through a specific, independent and anonymous channel, proportionate to the nature and size of the obliged entity concerned.

Obliged entities shall take measures to ensure that employees, managers or agents who report breaches pursuant to the first subparagraph are protected against retaliation, discrimination and any other unfair treatment.

4.This Article shall not apply to obliged entities that are sole traders.

Article 12 - Situation of specific employees

Where a natural person falling within any of the categories listed in Article 3, point (3) performs professional activities as an employee of a legal person, the requirements laid down in this Section shall apply to that legal person rather than to the natural person.

SECTION 2 - Provisions applying to groups


Article 13 - Group-wide requirements

1.A parent undertaking shall ensure that the requirements on internal procedures, risk assessment and staff referred to in Section 1 of this Chapter apply in all branches and subsidiaries of the group in the Member States and, for groups whose parent undertaking is established in the Union in third countries. The group-wide policies, controls and procedures shall also include data protection policies and policies, controls and procedures for sharing information within the group for AML/CFT purposes.

2.The policies, controls and procedures pertaining to the sharing of information referred to in paragraph 1 shall require obliged entities within the group to exchange information when such sharing is relevant for preventing money laundering and terrorist financing. The sharing of information within the group shall cover in particular the identity and characteristics of the customer, its beneficial owners or the person on behalf of whom the customer acts, the nature and purpose of the business relationship and the suspicions that funds are the proceeds of criminal activity or are related to terrorist financing reported to FIU pursuant to Article 50, unless otherwise instructed by the FIU.

Groups shall put in place group-wide policies, controls and procedures to ensure that the information exchanged pursuant to the first subparagraph is subject to sufficient guarantees in terms of confidentiality, data protection and use of the information, including to prevent its disclosure.

3.By [2 years from the entry into force of this Regulation], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify the minimum requirements of group-wide policies, including minimum standards for information sharing within the group, the role and responsibilities of parent undertakings that are not themselves obliged entities with respect to ensuring group-wide compliance with AML/CFT requirements and the conditions under which the provisions of this Article apply to entities that are part of structures which share common ownership, management or compliance control, including networks or partnerships.

4.The Commission is empowered to supplement this Regulation by adopting the regulatory technical standards referred to in paragraph 3 of this Article in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

Article 14 - Branches and subsidiaries in third countries

1.Where branches or subsidiaries of obliged entities are located in third countries where the minimum AML/CFT requirements are less strict than those set out in this Regulation, the obliged entity concerned shall ensure that those branches or subsidiaries comply with the requirements laid down in this Regulation, including requirements concerning data protection, or equivalent.

2.Where the law of a third country does not permit compliance with the requirements laid down in this Regulation, obliged entities shall take additional measures to ensure that branches and subsidiaries in that third country effectively handle the risk of money laundering or terrorist financing, and the head office shall inform the supervisors of their home Member State. Where the supervisors of the home Member State consider that the additional measures are not sufficient, they shall exercise additional supervisory actions, including requiring the group not to establish any business relationship, to terminate existing ones or not to undertake transactions, or to close down its operations in the third country.

3.By [2 years after the date of entry into force of this Regulation], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify the type of additional measures referred to in paragraph 2, including the minimum action to be taken by obliged entities where the law of a third country does not permit the implementation of the measures required under Article 13 and the additional supervisory actions required in such cases.

4.The Commission is empowered to supplement this Regulation by adopting the regulatory technical standards referred to in paragraph 3 of this Article in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

CHAPTER III - CUSTOMER DUE DILIGENCE

SECTION 1 - General provisions


Article 15 - Application of customer due diligence

1.Obliged entities shall apply customer due diligence measures in any of the following circumstances:

(a)when establishing a business relationship;

(b)when involved in or carrying out an occasional transaction that amounts to EUR 10 000 or more, or the equivalent in national currency, whether that transaction is carried out in a single operation or through linked transactions, or a lower threshold laid down pursuant to paragraph 5;

(c)when there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold;

(d)when there are doubts about the veracity or adequacy of previously obtained customer identification data.

2.In addition to the circumstances referred to in paragraph 1, credit and financial institutions and crypto-asset service providers shall apply customer due diligence when either initiating or executing an occasional transaction that constitutes a transfer of funds as defined in Article 3, point (9) of Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final], or a transfer of crypto-assets as defined in Article 3, point (10) of that Regulation , exceeding EUR 1 000 or the equivalent in national currency.

3.Providers of gambling services shall apply customer due diligence upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions amounting to at least EUR 2 000 or the equivalent in national currency, whether the transaction is carried out in a single operation or in linked transactions.

4.In the case of credit institutions, the performance of customer due diligence shall also take place, under the oversight of supervisors, at the moment that the institution has been determined failing or likely to fail pursuant to Article 32(1) of Directive 2014/59/EU of the European Parliament and of the Council 52 or when the deposits are unavailable in accordance with Article 2(1)(8) of Directive 2014/49/EU of the European Parliament and of the Council 53 . Supervisors shall decide on the intensity and scope of such customer due diligence measures having regard to the specific circumstances of the credit institution.

5.By [2 years from the date of entry into force of this Regulation], AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify:

(a)the obliged entities, sectors or transactions that are associated with higher money laundering and terrorist financing risk and which shall comply with thresholds lower than those set in paragraph 1 point (b);

(b)the related occasional transaction thresholds;

(c)the criteria to identify linked transactions.

When developing the draft regulatory technical standards referred to in the first sub-paragraph, AMLA shall take due account of the following:

(a)the inherent levels of risks of the business models of the different types of obliged entities;

(b)the supra-national risk assessment developed by the Commission pursuant to Article 7 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

6.The Commission is empowered to supplement this Regulation by adopting the regulatory technical standards referred to in paragraph 5 of this Article in accordance with Articles 38 to 41 of [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

Article 16 - Customer due diligence measures

1.For the purpose of conducting customer due diligence, obliged entities shall apply all of the following measures:

(a)identify the customer and verify the customer’s identity;

(b)identify the beneficial owner(s) pursuant to Articles 42 and 43 and verify their identity so that the obliged entity is satisfied that it knows who the beneficial owner is and that it understands the ownership and control structure of the customer;

(c)assess and, as appropriate, obtain information on the purpose and intended nature of the business relationship;

(d)conduct ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of the business relationship to ensure that the transactions being conducted are consistent with the obliged entity's knowledge of the customer, the business and risk profile, including where necessary the source of funds.

When applying the measures referred to in points (a) and (b) of the first subparagraph, obliged entities shall also verify that any person purporting to act on behalf of the customer is so authorised and shall identify and verify the identity of that person in accordance with Article 18.

2.Obliged entities shall determine the extent of the measures referred to in paragraph 1 on the basis of an individual analysis of the risks of money laundering and terrorist financing having regard to the specific characteristics of the client and of the business relationship or occasional transaction, and taking into account the risk assessment by the obliged entity pursuant to Article 8 and the money laundering and terrorist financing variables set out in Annex I as well as the risk factors set out in Annexes II and III.

Where obliged entities identify an increased risk of money laundering or terrorist financing they shall take enhanced due diligence measures pursuant to Section 4 of this Chapter. Where situations of lower risk are identified, obliged entities may apply simplified due diligence measures pursuant to Section 3 of this Chapter.

3.By [2 years after the date of application of this Regulation], AMLA shall issue guidelines on the risk variables and risk factors to be taken into account by obliged entities when entering into business relationships or carrying out occasional transactions.

4.Obliged entities shall at all times be able to demonstrate to their supervisors that the measures taken are appropriate in view of the risks of money laundering and terrorist financing that have been identified.

Article 17 - Inability to comply with the requirement to apply customer due diligence measures

1.Where an obliged entity is unable to comply with the customer due diligence measures laid down in Article 16(1), it shall refrain from carrying out a transaction or establishing a business relationship, and shall terminate the business relationship and consider filing a suspicious transaction report to the FIU in relation to the customer in accordance with Article 50.

The first subparagraph shall not apply to notaries, lawyers and other independent legal professionals, auditors, external accountants and tax advisors, to the strict extent that those persons ascertain the legal position of their client, or perform the task of defending or representing that client in, or concerning, judicial proceedings, including providing advice on instituting or avoiding such proceedings.

2.Where obliged entities either accept or refuse to enter in a business relationship, they shall keep record of the actions taken in order to comply with the requirement to apply customer due diligence measures, including records of the decisions taken and the relevant supporting documents. Documents, data or information held by the obliged entity shall be updated whenever the customer due diligence is reviewed pursuant to Article 21.

Article 18 - Identification and verification of the customer’s identity

1.With the exception of cases of lower risk to which measures under Section 3 apply and irrespective of the application of additional measures in cases of higher risk under Section 4 obliged entities shall obtain at least the following information in order to identify the customer and the person acting on their behalf:

(a)for a natural person:

(i) the forename and surname;

(ii) place and date of birth;

(iii) nationality or nationalities, or statelessness and refugee or subsidiary protection status where applicable, and the national identification number, where applicable;

(iv) the usual place of residence or, if there is no fixed residential address with legitimate residence in the Union, the postal address at which the natural person can be reached and, where possible, the occupation, profession, or employment status and the tax identification number;

(b)for a legal entity:

(i) legal form and name of the legal entity;

(ii) address of the registered or official office and, if different, the principal place of business, and the country of incorporation;

(iii) the names of the legal representatives as well as, where available, the registration number, the tax identification number and the Legal Entity Identifier. Obliged entities shall also verify that the legal entity has activities on the basis of accounting documents for the latest financial year or other relevant information;

(c)for a trustee of an express trust or a person holding an equivalent position in a similar legal arrangement:

(i) the information referred to in Article 44(1), points (a) and (b), and in point (b) of this paragraph for all the persons identified as beneficial owners;

(ii) the address of residence of the trustee(s) or person(s) holding an equivalent position in a similar legal arrangement, and the powers that regulate and bind the legal arrangements, as well as, where available, the tax identification number and the Legal Entity Identifier;

(d)for other organisations that have legal capacity under national law:

(i) name, address of the registered office or equivalent;

(ii) names of the persons empowered to represent the organisation as well as, where applicable, legal form, tax identification number, register number, Legal Entity Identifier and deeds of association or equivalent.

2.For the purposes of identifying the beneficial owner of a legal entity, obliged entities shall collect the information referred to in Article 44(1), point (a), and the information referred to in paragraph 1, point (b), of this Article.

Where, after having exhausted all possible means of identification pursuant to the first subparagraph, no natural person is identified as beneficial owner, or where there is any doubt that the person(s) identified is/are the beneficial owner(s), obliged entities shall identify the natural person(s) holding the position(s) of senior managing official(s) in the corporate or other legal entity and shall verify their identity. Obliged entities shall keep records of the actions taken as well as of the difficulties encountered during the identification process, which led to resorting to the identification of a senior managing official.

3.In the case of beneficiaries of trusts or similar legal entities or arrangements that are designated by particular characteristics or class, an obliged entity shall obtain sufficient information concerning the beneficiary so that it will be able to establish the identity of the beneficiary at the time of the payout or at the time of the exercise by the beneficiary of its vested rights.

4.Obliged entities shall obtain the information, documents and data necessary for the verification of the customer and beneficial owner identity through either of the following:

(a)the submission of the identity document, passport or equivalent and the acquisition of information from reliable and independent sources, whether accessed directly or provided by the customer;

(b)the use of electronic identification means and relevant trust services as set out in Regulation (EU) 910/2014.

For the purposes of verifying the information on the beneficial owner(s), obliged entities shall also consult the central registers referred to in Article 10 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final] as well as additional information. Obliged entities shall determine the extent of the additional information to be consulted, having regard to the risks posed by the transaction or the business relationship and the beneficial owner.

Article 19 - Timing of the verification of the customer and beneficial owner identity

1.Verification of the identity of the customer and of the beneficial owner shall take place before the establishment of a business relationship or the carrying out of an occasional transaction. Such obligation shall not apply to situations of lower risk under Section 3 of this Chapter, provided that the lower risk justifies postponement of such verification.

2.By way of derogation from paragraph 1, verification of the identity of the customer and of the beneficial owner may be completed during the establishment of a business relationship if necessary so as not to interrupt the normal conduct of business and where there is little risk of money laundering or terrorist financing. In such situations, those procedures shall be completed as soon as practicable after initial contact.

3.By way of derogation from paragraph 1, a credit institution or financial institution may open an account, including accounts that permit transactions in transferable securities, as may be required by a customer provided that there are adequate safeguards in place to ensure that transactions are not carried out by the customer or on its behalf until full compliance with the customer due diligence requirements laid down in Article 16(1), first subparagraph, points (a) and (b) is obtained.

4.Whenever entering into a new business relationship with a legal entity or the trustee of an express trust or the person holding an equivalent position in a similar legal arrangement referred to in Articles 42, 43 and 48 and subject to the registration of beneficial ownership information pursuant to Article 10 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final], obliged entities shall collect proof of registration or an excerpt of the register.

Article 20 - Identification of the purpose and intended nature of a business relationship or occasional transaction

Before entering into a business relationship or performing an occasional transaction, an obliged entity shall obtain at least the following information in order to understand its purpose and intended nature:

(a)the purpose of the envisaged account, transaction or business relationship;

(b)the estimated amount and economic rationale of the envisaged transactions or activities;

(c)the source of funds;

(d)the destination of funds.

Article 21 - Ongoing monitoring of the business relationship and monitoring of transactions performed by customers

1.Obliged entities shall conduct ongoing monitoring of the business relationship, including transactions undertaken by the customer throughout the course of that relationship, to control that those transactions are consistent with the obliged entity’s knowledge of the customer, the customer’s business activity and risk profile, and where necessary, with the information about the origin of the funds and to detect those transactions that shall be made subject to a more thorough analysis pursuant to Article 50.

2.In the context of the ongoing monitoring referred to in paragraph 1, obliged entities shall ensure that the relevant documents, data or information of the customer are kept up-to-date.

The frequency of updating customer information pursuant to the first sub-paragraph shall be based on the risk posed by the business relationship. The frequency of updating of customer information shall in any case not exceed five years.

3.In addition to the requirements set out in paragraph 2, obliged entities shall review and, where relevant, update the customer information where:

(a)there is a change in the relevant circumstances of a customer;

(b)the obliged entity has a legal obligation in the course of the relevant calendar year to contact the customer for the purpose of reviewing any relevant information relating to the beneficial owner(s) or to comply with Council Directive 2011/16/EU 54 ;

(c)they become aware of a relevant fact which pertains to the customer.

4.By [2 years after the entry into force of this Regulation], AMLA shall issue guidelines on ongoing monitoring of a business relationship and on the monitoring of the transactions carried out in the context of such relationship.

Article 22 - Regulatory technical standards on the information necessary for the performance of customer due diligence

1.By [2 years after the entry into force of this Regulation] AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify:

(a)the requirements that apply to obliged entities pursuant to Article 16 and the information to be collected for the purpose of performing standard, simplified and enhanced customer due diligence pursuant to Articles 18 and 20 and Articles 27(1) and 28(4), including minimum requirements in situations of lower risk;

(b)the type of simplified due diligence measures which obliged entities may apply in situations of lower risk pursuant to Article 27(1),including measures applicable to specific categories of obliged entities and products or services, having regard to the results of the supra-national risk assessment drawn up by the Commission pursuant to Article 7 of [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final];

(c)the reliable and independent sources of information that may be used to verify the identification data of natural or legal persons for the purposes of Article 18(4);

(d)the list of attributes which electronic identification means and relevant trust services referred to in Article 18(4), point (b), must feature in order to fulfil the requirements of Article 16, points (a), (b) and (c) in case of standard, simplified and enhanced customer diligence.

2.The requirements and measures referred to in paragraph 1, points (a) and (b), shall be based on the following criteria:

(a)the inherent risk involved in the service provided;

(b)the nature, amount and recurrence of the transaction;

(c)the channels used for conducting the business relationship or the occasional transaction.

3.AMLA shall review regularly the regulatory technical standards and, if necessary, prepare and submit to the Commission the draft for updating those standards in order, inter alia, to take account of innovation and technological developments.

4.The Commission is empowered to supplement this Regulation by adopting the regulatory technical standards referred to in paragraphs 1 and 3 of this Article in accordance with Articles 38 to 41 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final].

SECTION - 2



Third-country policy and ML/TF threats from outside the Union

Article 23 - Identification of third countries with significant strategic deficiencies in their national AML/CFT regimes

1.Third countries with significant strategic deficiencies in their national AML/CFT regimes shall be identified by the Commission and designated as ‘high-risk third countries’.

2.In order to identify the countries referred to in paragraph 1, the Commission is empowered to adopt delegated acts in accordance with Article 60 to supplement this Regulation, where:

(a)significant strategic deficiencies in the legal and institutional AML/CFT framework of the third country have been identified;

(b)significant strategic deficiencies in the effectiveness of the third country’s AML/CFT system in addressing money laundering or terrorist financing risks have been identified;

(c)the significant strategic deficiencies identified under points (a) and (b) are of a persistent nature and no measures to mitigate them have been taken or are being taken.

Those delegated acts shall be adopted within one month after the Commission has ascertained that the criteria in point (a), (b) or (c) are met.

3.For the purposes of paragraph 2, the Commission shall take into account calls for the application of enhanced due diligence measures and additional mitigating measures (‘countermeasures’) by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing, as well as relevant evaluations, assessments, reports or public statements drawn up by them.

4.Where a third country is identified in accordance with the criteria referred to in paragraph 3, obliged entities shall apply enhanced due diligence measures listed in Article 28(4), points (a) to (g) with respect to the business relationships or occasional transactions involving natural or legal persons from that third country.

5.The delegated act referred to in paragraph 2 shall identify among the countermeasures listed in Article 29 the specific countermeasures mitigating country-specific risks stemming from high-risk third countries.

6.The Commission shall review the delegated acts referred to in paragraph 2 on a regular basis to ensure that the specific countermeasures identified pursuant to paragraph 5 take account of the changes in the AML/CFT framework of the third country and are proportionate and adequate to the risks.

Article 24 - Identification of third countries with compliance weaknesses in their national AML/CFT regimes

1.Third countries with compliance weaknesses in their national AML/CFT regimes shall be identified by the Commission.

2.In order to identify the countries referred to in paragraph 1, the Commission is empowered to adopt delegated acts in accordance with Article 60 to supplement this Regulation, where:

(a)compliance weaknesses in the legal and institutional AML/CFT framework of the third country have been identified;

(b)compliance weaknesses in the effectiveness of the third country’s AML/CFT system in addressing money laundering or terrorist financing risks have been identified.

Those delegated acts shall be adopted within one month after the Commission has ascertained that the criteria in point (a) or (b) are met.

3.The Commission, when drawing up the delegated acts referred to in paragraph 2 shall take into account information on jurisdictions under increased monitoring by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing, as well as relevant evaluations, assessments, reports or public statements drawn up by them.

4.The delegated act referred to in paragraph 2 shall identify the specific enhanced due diligence measures among those listed in Article 28(4), points (a) to (g), that obliged entities shall apply to mitigate risks related to business relationships or occasional transactions involving natural or legal persons from that third country.

5.The Commission shall review the delegated acts referred to in paragraph 2 on a regular basis to ensure that the specific enhanced due diligence measures identified pursuant to paragraph 4 take account of the changes in the AML/CFT framework of the third country and are proportionate and adequate to the risks.

Article 25 - Identification of third countries posing a threat to the Union’s financial system

1.The Commission is empowered to adopt delegated acts in accordance with Article 60 identifying third countries that pose a specific and serious threat to the financial system of the Union and the proper functioning of the internal market other than those covered by Articles 23 and 24.

2.The Commission, when drawing up the delegated acts referred to in paragraph 1, shall take into account in particular the following criteria:

(a)the legal and institutional AML/CFT framework of the third country, in particular:

(i) the criminalisation of money laundering and terrorist financing;

(ii) measures relating to customer due diligence;

(iii) requirements relating to record-keeping;

(iv) requirements to report suspicious transactions;

(v) the availability of accurate and timely information of the beneficial ownership of legal persons and arrangements to competent authorities;

(b)the powers and procedures of the third country’s competent authorities for the purposes of combating money laundering and terrorist financing including appropriately effective, proportionate and dissuasive sanctions, as well as the third country’s practice in cooperation and exchange of information with Member States’ competent authorities;

(c)the effectiveness of the third country’s AML/CFT system in addressing money laundering or terrorist financing risks;

3.For the purposes of determining the level of threat referred to in paragraph 1, the Commission may request AMLA to adopt an opinion aimed at assessing the specific impact on the integrity of the Union’s financial system due to the level of threat posed by a third country.

4.The Commission, when drawing up the delegated acts referred to in paragraph 1, shall take into account in particular relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing.

5.Where the identified specific and serious threat from the concerned third country amounts to a significant strategic deficiency, Article 23(4) shall apply and the delegated act referred to in paragraph 2 shall identify specific countermeasures as referred to in Article 23(5).

6.Where the identified specific and serious threat from the concerned third country amounts to a compliance weakness, the delegated act referred to in paragraph 2 shall identify specific enhanced due diligence measures as referred to in Article 24(4).

7.The Commission shall review the delegated acts referred to in paragraph 2 on a regular basis to ensure that the measures referred to in paragraphs 5 and 6 take account of the changes in the AML/CFT framework of the third country and are proportionate and adequate to the risks.

Article 26 - Guidelines on ML/TF risks, trends and methods

1.By [3 years from the date of entry into force of this Regulation], AMLA shall adopt guidelines defining the money laundering and terrorist financing trends, risks and methods involving any geographical area outside the Union to which obliged entities are exposed. AMLA shall take into account, in particular, the risk factors listed in Annex III. Where situations of higher risk are identified, the guidelines shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks.

2.AMLA shall review the guidelines referred to in paragraph 1 at least every two years.

3.In issuing and reviewing the guidelines referred to in paragraph 1, AMLA shall take into account evaluations, assessments or reports of international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing.

SECTION 3 - Simplified customer due diligence


Article 27 - Simplified customer due diligence measures

1.Where, taking into account the risk factors set out in Annexes II and III, the business relationship or transaction present a low degree of risk, obliged entities may apply the following simplified customer due diligence measures:

(a)verify the identity of the customer and the beneficial owner after the establishment of the business relationship, provided that the specific lower risk identified justified such postponement, but in any case no later than 30 days of the relationship being established;

(a)reduce the frequency of customer identification updates;

(b)reduce the amount of information collected to identify the purpose and intended nature of the business relationship, or inferring it from the type of transactions or business relationship established ;

(c)reduce the frequency or degree of scrutiny of transactions carried out by the customer;

(d)apply any other relevant simplified due diligence measure identified by AMLA pursuant to Article 22.

The measures referred to in the first subparagraph shall be proportionate to the nature and size of the business and to the specific elements of lower risk identified. However, obliged entities shall carry out sufficient monitoring of the transactions and business relationship to enable the detection of unusual or suspicious transactions.

2.Obliged entities shall ensure that the internal procedures established pursuant to Article 7 contain the specific measures of simplified verification that shall be taken in relation to the different types of customers that present a lower risk. Obliged entities shall document decisions to take into account additional factors of lower risk.

3.For the purpose of applying simplified due diligence measures referred to in paragraph 1, point (a), obliged entities shall adopt risk management procedures with respect to the conditions under which they can provide services or perform transactions for a customer prior to the verification taking place, including by limiting the amount, number or types of transactions that can be performed or by monitoring transactions to ensure that they are in line with the expected norms for the business relationship at hand.

4.Obliged entities shall verify on a regular basis that the conditions for the application of simplified due diligence continue to exist. The frequency of such verifications shall be commensurate to the nature and size of the business and the risks posed by the specific relationship.

5.Obliged entities shall refrain from applying simplified due diligence measures in any of the following situations:

(a)the obliged entities have doubts as to the veracity of the information provided by the customer or the beneficial owner at the stage of identification, or they detect inconsistencies regarding that information;

(b)the factors indicating a lower risk are no longer present;

(c)the monitoring of the customer’s transactions and the information collected in the context of the business relationship exclude a lower risk scenario;

(d)there is a suspicion of money laundering or terrorist financing.

SECTION 4 - Enhanced customer due diligence


Article 28 - Scope of application of enhanced customer due diligence measures

1.In the cases referred to in Articles 23, 24, 25 and 30 to 36, as well as in other cases of higher risk that are identified by obliged entities pursuant to Article 16(2), second subparagraph (‘cases of higher risk’), obliged entities shall apply enhanced customer due diligence measures to manage and mitigate those risks appropriately.

2.Obliged entities shall examine the origin and destination of funds involved in, and the purpose of, all transactions that fulfil at least one of the following conditions:

(a)the transactions are of a complex nature;

(b)the transactions are unusually large;

(c)the transactions are conducted in an unusual pattern;

(d)the transactions do not have an apparent economic or lawful purpose.

3.With the exception of the cases covered by Section 2 of this Chapter, when assessing the risks of money laundering and terrorist financing posed by a business relationship or occasional transaction, obliged entities shall take into account at least the factors of potential higher risk set out in Annex III and the guidelines adopted by AMLA pursuant to Article 26.

4.With the exception of the cases covered by Section 2 of this Chapter, in cases of higher risk, obliged entities may apply any of the following enhanced customer due diligence measures, proportionate to the higher risks identified:

(a)obtain additional information on the customer and the beneficial owner(s);

(b)obtain additional information on the intended nature of the business relationship;

(c)obtain additional information on the source of funds, and source of wealth of the customer and of the beneficial owner(s);

(d)obtain information on the reasons for the intended or performed transactions and their consistency with the business relationship;

(e)obtain the approval of senior management for establishing or continuing the business relationship;

(f)conduct enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;

(g)require the first payment to be carried out through an account in the customer’s name with a credit institution subject to customer due diligence standards that are not less robust than those laid down in this Regulation.

5.With the exception of the cases covered by Section 2 of this Chapter, where Member States identify pursuant to Article 8 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final] cases of higher risk, they may require obliged entities to apply enhanced due diligence measures and, where appropriate, specify those measures. Member States shall notify to the Commission and AMLA the enhanced due diligence requirements imposed upon obliged entities established in their territory within one month of their adoption, accompanied by a justification of the money laundering and terrorist financing risks underpinning such decision.

Where the risks identified by the Member States pursuant to the first subparagraph are likely to affect the financial system of the Union, AMLA shall, upon a request from the Commission or of its own initiative, consider updating the guidelines adopted pursuant to Article 26.

6.Enhanced customer due diligence measures shall not be invoked automatically with respect to branches or subsidiaries of obliged entities established in the Union which are located third countries referred to in Articles 23, 24 and 25 where those branches or subsidiaries fully comply with the group-wide policies, controls and procedures in accordance with Article 14.

Article 29 - Countermeasures to mitigate ML/TF threats from outside the Union

For the purposes of Articles 23 and 25, the Commission may choose from among the following countermeasures:

(a)countermeasures that obliged entities are to apply to persons and legal entities involving high-risk third countries and, where relevant, other countries posing a threat to the Union’s financial system consisting in:

(i) the application of additional elements of enhanced due diligence;

(ii) the introduction of enhanced relevant reporting mechanisms or systematic reporting of financial transactions;

(iii) the limitation of business relationships or transactions with natural persons or legal entities from those third countries;

(b)countermeasures that Member States are to apply with regard to high-risk third countries and, where relevant, other countries posing a threat to the Union’s financial system consisting in:

(i) refusing the establishment of subsidiaries or branches or representative offices of obliged entities from the country concerned, or otherwise taking into account the fact that the relevant obliged entity is from a third country that does not have adequate AML/CFT regimes;

(ii) prohibiting obliged entities from establishing branches or representative offices of obliged entities in the third country concerned, or otherwise taking into account the fact that the relevant branch or representative office would be in a third country that does not have adequate AML/CFT regimes;

(iii) requiring increased supervisory examination or increased external audit requirements for branches and subsidiaries of obliged entities located in the third country concerned;

(iv) requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the third country concerned;

(v) requiring credit and financial institutions to review and amend, or if necessary terminate, correspondent relationships with respondent institutions in the third country concerned.

Article 30 - Specific enhanced due diligence measures for cross-border correspondent relationships

With respect to cross-border correspondent relationships, including relationships established for securities transactions or fund transfers, involving the execution of payments with a third-country respondent institution, in addition to the customer due diligence measures laid down in Article 16, credit institutions and financial institutions shall be required, when entering into a business relationship, to:

(a)gather sufficient information about the respondent institution to understand fully the nature of the respondent's business and to determine from publicly available information the reputation of the institution and the quality of supervision;

(b)assess the respondent institution's AML/CFT controls;

(c)obtain approval from senior management before establishing new correspondent relationships;

(d)document the respective responsibilities of each institution;

(e)with respect to payable-through accounts, be satisfied that the respondent institution has verified the identity of, and performed ongoing due diligence on, the customers having direct access to accounts of the correspondent institution, and that it is able to provide relevant customer due diligence data to the correspondent institution, upon request.

Where credit institutions and financial institutions decide to terminate cross-border correspondent relationships for reasons relating to anti-money laundering and counter-terrorist financing policy, they shall document their decision.

Article 31 - Prohibition of correspondent relationships with shell banks

Credit institutions and financial institutions shall not enter into, or continue, a correspondent relationship with a shell bank. Credit institutions and financial institutions shall take appropriate measures to ensure that they do not engage in or continue correspondent relationships with a credit institution or financial institution that is known to allow its accounts to be used by a shell bank.

Article 32 - Specific provisions regarding politically exposed persons

1.In addition to the customer due diligence measures laid down in Article 16, obliged entities shall have in place appropriate risk management systems, including risk-based procedures, to determine whether the customer or the beneficial owner of the customer is a politically exposed person.

2.With respect to transactions or business relationships with politically exposed persons, obliged entities shall apply the following measures:

(a)obtain senior management approval for establishing or continuing business relationships with politically exposed persons;

(b)take adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with politically exposed persons;

(c)conduct enhanced, ongoing monitoring of those business relationships.

3.By [3 years from the date of entry into force of this Regulation], AMLA shall issue guidelines on the following matters:

(a)the criteria for the identification of persons falling under the definition of persons known to be a close associate;

(b)the level of risk associated with a particular category of politically exposed person, their family members or persons known to be close associates, including guidance on how such risks are to be assessed after the person no longer holds a prominent public function for the purposes of Article 35.

Article 33 - List of prominent public functions

1.Each Member State shall issue and keep up to date a list indicating the exact functions which, in accordance with national laws, regulations and administrative provisions, qualify as prominent public functions for the purposes of Article 2, point (25). Member States shall request each international organisation accredited on their territories to issue and keep up to date a list of prominent public functions at that international organisation for the purposes of Article 2, point (25). These lists shall also include any function which may be entrusted to representatives of third countries and of international bodies accredited at Member State level. Member States shall notify those lists, as well as any change made to them, to the Commission and to AMLA.

2.The Commission shall draw up and keep up to date the list of the exact functions which qualify as prominent public functions at the level of the Union. That list shall also include any function which may be entrusted to representatives of third countries and of international bodies accredited at Union level.

3.The Commission shall assemble, based on the lists provided for in paragraphs 1 and 2 of this Article, a single list of all prominent public functions for the purposes of Article 2, point (25). The Commission shall publish that single list shall in the Official Journal of the European Union. AMLA shall make the list public on its website.

Article 34 - Politically exposed persons who are beneficiaries of insurance policies

Obliged entities shall take reasonable measures to determine whether the beneficiaries of a life or other investment-related insurance policy or, where relevant, the beneficial owner of the beneficiary are politically exposed persons. Those measures shall be taken no later than at the time of the payout or at the time of the assignment, in whole or in part, of the policy. Where there are higher risks identified, in addition to applying the customer due diligence measures laid down in Article 16, obliged entities shall:

(a)inform senior management before payout of policy proceeds;

(b)conduct enhanced scrutiny of the entire business relationship with the policyholder.

Article 35 - Measures towards persons who cease to be politically exposed persons

1.Where a politically exposed person is no longer entrusted with a prominent public function by the Union, a Member State, third country or an international organisation, obliged entities shall take into account the continuing risk posed by that person in their assessment of money laundering and terrorist financing risks in accordance with Article 16.

2.Obliged entities shall apply one or more of the measures referred to in Article 28(4) to mitigate the risks posed by the business relationship, until such time as that person is deemed to pose no further risk, but in any case for not less than 12 months following the time when the individual is no longer entrusted with a prominent public function.

3.The obligation referred to in paragraph 2 shall apply accordingly where an obliged entity enters into a business relationship with a person who in the past was entrusted with a prominent public function by the Union, a Member State, third country or an international organisation.

Article 36 - Family members and close associates of politically exposed persons

The measures referred to in Articles 32, 34 and 35 shall also apply to family members or persons known to be close associates of politically exposed persons.

SECTION 5 - Specific customer due diligence provisions


Article 37 - Specifications for the life and other investment-related insurance sector

For life or other investment-related insurance business, in addition to the customer due diligence measures required for the customer and the beneficial owner, obliged entities shall conduct the following customer due diligence measures on the beneficiaries of life insurance and other investment-related insurance policies, as soon as the beneficiaries are identified or designated:

(a)in the case of beneficiaries that are identified as specifically named persons or legal arrangements, taking the name of the person or arrangement;

(b)in the case of beneficiaries that are designated by characteristics or by class or by other means, obtaining sufficient information concerning those beneficiaries so that it will be able to establish the identity of the beneficiary at the time of the payout.

For the purposes of the first subparagraph, points (a) and (b), the verification of the identity of the beneficiaries and, where relevant, their beneficial owners shall take place at the time of the payout. In the case of assignment, in whole or in part, of the life or other investment-related insurance to a third party, obliged entities aware of the assignment shall identify the beneficial owner at the time of the assignment to the natural or legal person or legal arrangement receiving for its own benefit the value of the policy assigned.

SECTION 6 - Performance by third parties


Article 38 - General provisions relating to reliance on other obliged entities

1.Obliged entities may rely on other obliged entities, whether situated in a Member State or in a third country, to meet the customer due diligence requirements laid down in Article 16(1), points (a), (b) and (c), provided that:

(a)the other obliged entities apply customer due diligence requirements and record-keeping requirements laid down in this Regulation, or equivalent when the other obliged entities are established or reside in a third country;

(b)compliance with AML/CFT requirements by the other obliged entities is supervised in a manner consistent with Chapter IV of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

The ultimate responsibility for meeting the customer due diligence requirements shall remain with the obliged entity which relies on another obliged entity.

2.When deciding to rely on other obliged entities situated in third countries, obliged entities shall take into consideration the geographical risk factors listed in Annexes II and III and any relevant information or guidance provided by the Commission, or by AMLA or other competent authorities. 

3.In the case of obliged entities that are part of a group, compliance with the requirements of this Article and with Article 39 may be ensured through group-wide policies, controls and procedures provided that all the following conditions are met:

(a)the obliged entity relies on information provided solely by an obliged entity that is part of the same group;

(b)the group applies AML/CFT policies and procedures, customer due diligence measures and rules on record-keeping that are fully in compliance with this Regulation, or with equivalent rules in third countries;

(c)the effective implementation of the requirements referred to in point (b) is supervised at group level by the supervisory authority of the home Member State in accordance with Chapter IV of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final] or of the third country in accordance with the rules of that third country.

4.Obliged entities shall not rely on obliged entities established in third countries identified pursuant to Section 2 of this Chapter. However, obliged entities established in the Union whose branches and subsidiaries are established in those third countries may rely on those branches and subsidiaries, where all the conditions set out in paragraph 3, points (a) to (c), are met.

Article 39 - Process of reliance on another obliged entity

1.Obliged entities shall obtain from the obliged entity relied upon all the necessary information concerning the customer due diligence requirements laid down in Article 16(1), first subparagraph points (a), (b) and (c), or the business being introduced.

2.Obliged entities which rely on other obliged entities shall take all necessary steps to ensure that the obliged entity relied upon provides, upon request:

(a)copies of the information collected to identify the customer;

(b)all supporting documents or trustworthy sources of information that were used to verify the identity of the client, and, where relevant, of the customer’s beneficial owners or persons on whose behalf the customer acts, including data obtained through electronic identification means and relevant trust services as set out in Regulation (EU) No 910/2014; and

(c)any information collected on the purpose and intended nature of the business relationship.

3.The information referred to in paragraphs 1 and 2 shall be provided by the obliged entity relied upon without delay and in any case within five working days.

4.The conditions for the transmission of the information and documents mentioned in paragraphs 1 and 2 shall be specified in a written agreement between the obliged entities.

5.Where the obliged entity relies on an obliged entity that is part of its group, the written agreement may be replaced by an internal procedure established at group level, provided that the conditions of Article 38(2) are met.

Article 40 - Outsourcing

1.Obliged entities may outsource tasks deriving from requirements under this Regulation for the purpose of performing customer due diligence to an agent or external service provider, whether a natural or legal person, with the exception of natural or legal persons residing or established in third countries identified pursuant to Section 2 of this Chapter.

The obliged entity shall remain fully liable for any action of agents or external service providers to which activities are outsourced.

2.The tasks outsourced pursuant to paragraph 1 shall not be undertaken in such way as to impair materially the quality of the obliged entity’s measures and procedures to comply with the requirements of this Regulation and of Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final]. The following tasks shall not be outsourced under any circumstances:

(a)the approval of the obliged entity’s risk assessment;

(b)the internal controls in place pursuant to Article 7;

(c)the drawing up and approval of the obliged entity’s policies, controls and procedures to comply with the requirements of this Regulation;

(d)the attribution of a risk profile to a prospective client and the entering into a business relationship with that client;

(e)the identification of criteria for the detection of suspicious or unusual transactions and activities;

(f)the reporting of suspicious activities or threshold-based declarations to the FIU pursuant to Article 50.

3.Where an obliged entity outsources a task pursuant to paragraph 1, it shall ensure that the agent or external service provider applies the measures and procedures adopted by the obliged entity. The conditions for the performance of such tasks shall be laid down in a written agreement between the obliged entity and the outsourced entity. The obliged entity shall perform regular controls to ascertain the effective implementation of such measures and procedures by the outsourced entity. The frequency of such controls shall be determined on the basis of the critical nature of the tasks outsourced.

4.Obliged entities shall ensure that outsourcing is not undertaken in such way as to impair materially the ability of the supervisory authorities to monitor and retrace the obliged entity’s compliance with all of the requirements laid down in this Regulation.

Article 41 - Guidelines on the performance by third parties

By [3 years after the entry into force of this Regulation], AMLA shall issue guidelines addressed to obliged entities on:

(a)the conditions which are acceptable for obliged entities to rely on information collected by another obliged entity, including in case of remote customer due diligence;

(b)the establishment of outsourcing relationships in accordance with Article 40, their governance and procedures for monitoring the implementation of functions by the outsourced entities, and in particular those functions that are to be regarded as critical;

(c)the roles and responsibility of each actor, whether in a situation of reliance on another obliged entity or of outsourcing;

(d)supervisory approaches to reliance on other obliged entities and outsourcing.

CHAPTER IV - BENEFICIAL OWNERSHIP TRANSPARENCY

Article 42 - Identification of Beneficial Owners for corporate and other legal entities

1.In case of corporate entities, the beneficial owner(s) as defined in Article 2(22) shall be the natural person(s) who control(s), directly or indirectly, the corporate entity, either through an ownership interest or through control via other means.

For the purpose of this Article, ‘control through an ownership interest’ shall mean an ownership of 25% plus one of the shares or voting rights or other ownership interest in the corporate entity, including through bearer shareholdings, on every level of ownership.

For the purpose of this Article, ‘control via other means’ shall include at least one of the following:

(a)the right to appoint or remove more than half of the members of the board or similar officers of the corporate entity;

(b)the ability to exert a significant influence on the decisions taken by the corporate entity, including veto rights, decision rights and any decisions regarding profit distributions or leading to a shift in assets;

(c)control, whether shared or not, through formal or informal agreements with owners, members or the corporate entities, provisions in the articles of association, partnership agreements, syndication agreements, or equivalent documents depending on the specific characteristics of the legal entity, as well as voting arrangements;

(d)links with family members of managers or directors/those owning or controlling the corporate entity;

(e)use of formal or informal nominee arrangements.

Control via other means may be determined also in accordance with the criteria of Article 22(1) to (5) of Directive 2013/34/EU.

2.In case of legal entities other than corporate entities, the beneficial owner(s) as defined in Article 2(22) shall be the natural person identified according to paragraph 1 of this Article, except where Article 43(2) applies.

3.Member States shall notify to the Commission by [3 months from the date of application of this Regulation] a list of the types of corporate and other legal entities existing under their national laws with beneficial owner(s) identified in accordance with paragraph 1. The notification shall include the specific categories of entities, description of characteristics, names and, where applicable, legal basis under the national laws of the Member States. It shall also include an indication of whether, due to the specific form and structures of legal entities other than corporate entities, the mechanism under Article 45(3) applies, accompanied by a detailed justification of the reasons for that.

4.The Commission shall make recommendations to Member States on the specific rules and criteria to identity the beneficial owner(s) of legal entities other than corporate entities by [1 year from the date of application of this Regulation]. In the event that Member States decide not to apply any of the recommendations, they shall notify the Commission thereof and provide a justification for such a decision.

5.The provisions of this Chapter shall not apply to:

(a)companies listed on a regulated market that is subject to disclosure requirements consistent with Union legislation or subject to equivalent international standards; and

(b)bodies governed by public law as defined under Article 2(1), point (4) of Directive 2014/24/EU of the European Parliament and of the Council 55 .

Article 43 - Identification of beneficial owners for express trusts and similar legal entities or arrangements

1.In case of express trusts, the beneficial owners shall be all the following natural persons:

(a)the settlor(s);

(b)the trustee(s);

(c)the protector(s), if any;

(d)the beneficiaries or where there is a class of beneficiaries, the individuals within that class that receive a benefit from the legal arrangement or entity , irrespective of any threshold, as well as the class of beneficiaries. However, in the case of pension schemes within the scope of Directive (EU) 2016/2341 of the European Parliament and of the Council 56 and which provide for a class of beneficiaries, only the class of beneficiaries shall be the beneficiary;

(e)any other natural person exercising ultimate control over the express trust by means of direct or indirect ownership or by other means, including through a chain of control or ownership.

2.In the case of legal entities and legal arrangements similar to express trusts, the beneficial owners shall be the natural persons holding equivalent or similar positions to those referred to under paragraph 1.

Member States shall notify to the Commission by [3 months from the date of application of this Regulation] a list of legal arrangements and of legal entities, similar to express trusts, where the beneficial owner(s) is identified in accordance with paragraph 1.

3.The Commission is empowered to adopt, by means of an implementing act, a list of legal arrangements and legal entities governed under the laws of Member States which should be subject to the same beneficial ownership transparency requirements as express trusts. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 61(2) of this Regulation.

Article 44 - Beneficial ownership information

1.For the purpose of this Regulation, beneficial ownership information shall be adequate, accurate, and current and include the following:

(a)the first name and surname, full place and date of birth, residential address, country of residence and nationality or nationalities of the beneficial owner, national identification number and source of it, such as passport or national identity document, and, where applicable, the tax identification number or other equivalent number assigned to the person by his or her country of usual residence;

(b)the nature and extent of the beneficial interest held in the legal entity or legal arrangement, whether through ownership interest or control via other means, as well as the date of acquisition of the beneficial interest held;

(c)information on the legal entity or legal arrangement of which the natural person is the beneficial owner in accordance with Article 16(1) point (b), as well as the description of the control and ownership structure.

2.Beneficial ownership information shall be obtained within 14 calendar days from the creation of legal entities or legal arrangements. It shall be updated promptly, and in any case no later than 14 calendar days following any change of the beneficial owner(s), and on an annual basis.

Article 45 - Obligations of legal entities

1.All corporate and other legal entities incorporated in the Union shall obtain and hold adequate, accurate and current beneficial ownership information.

Legal entities shall provide, in addition to information about their legal owner(s), information on the beneficial owner(s) to obliged entities where the obliged entities are taking customer due diligence measures in accordance with Chapter III.

The beneficial owner(s) of corporate or other legal entities shall provide those entities with all the information necessary for the corporate or other legal entity.

2.Where, after having exhausted all possible means of identification pursuant to Articles 42 and 43, no person is identified as beneficial owner, or where there is any doubt that the person(s) identified is the beneficial owner(s), the corporate or other legal entities shall keep records of the actions taken in order to identify their beneficial owner(s).

3.In the cases referred to in paragraph 2, when providing beneficial ownership information in accordance with Article 16 of this Regulation and Article 10 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final], corporate or other legal entities shall provide the following:

(a)a statement, accompanied by a justification, that there is no beneficial owner or that the beneficial owner(s) could not be identified and verified;

(b)the details on the natural person(s) who hold the position of senior managing official(s) in the corporate or legal entity equivalent to the information required under Article 44(1), point (a).

4.Legal entities shall make the information collected pursuant to this Article available, upon request and without delay, to competent authorities.

5.The information referred to in paragraph 4 shall be maintained for five years after the date on which the companies are dissolved or otherwise ceases to exist, whether by persons designated by the entity to retain the documents, or by administrators or liquidators or other persons involved in the dissolution of the entity. The identity and contact details of the person responsible for retaining the information shall be reported to the registers referred to in Article 10 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

Article 46 - Trustees obligations

1.Trustees of any express trust administered in a Member State and persons holding an equivalent position in a similar legal arrangement shall obtain and hold adequate, accurate and current beneficial ownership information regarding the legal arrangement. Such information shall be maintained for five years after their involvement with the express trust or similar legal arrangement ceases.

2.The persons referred to in paragraph 1 shall disclose their status and provide the information on the beneficial owner(s) to obliged entities when the obliged entities are taking customer due diligence measures in accordance with Chapter III.

3.The beneficial owner(s) of an express trust or similar legal arrangement other than the trustee or person holding an equivalent position, shall provide the trustee or person holding an equivalent position in a similar legal arrangement with all the information necessary to comply with the requirements of this Chapter.

4.Trustees of an express trust and persons holding an equivalent position in a similar legal arrangement shall make the information collected pursuant to this Article available, upon request and without delay, to competent authorities.

Article 47 - Nominees obligations

Nominee shareholders and nominee directors of a corporate or other legal entities shall maintain adequate, accurate and current information on the identity of their nominator and the nominator’s beneficial owner(s) and disclose them, as well as their status, to the corporate or other legal entities. Corporate or other legal entities shall report this information to the registers set up pursuant to Article 10 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

Corporate and other legal entities shall also report this information to obliged entities when the obliged entities are taking customer due diligence measures in accordance with Chapter III.

Article 48 - Foreign legal entities and arrangements

1.Beneficial ownership information of legal entities incorporated outside the Union or of express trusts or similar legal arrangements administered outside the Union shall be held in the central register referred to in Article 10 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final] set up by the Member State where such entities or trustees of express trusts or persons holding equivalent positions in similar legal arrangements:

(a)enter into a business relationship with an obliged entity;

(b)acquire real estate in their territory.

2.Where the legal entity, the trustee of the express trust or the person holding an equivalent position in a similar legal arrangement enters into multiple business relationships or acquires real estate in different Member States, a certificate of proof of registration of the beneficial ownership information in a central register held by one Member State shall be considered as sufficient proof of registration.

Article 49 - Sanctions

Member States shall lay down the rules on sanctions applicable to infringements of the provisions of this Chapter and shall take all measures necessary to ensure that they are implemented. The sanctions provided for must be effective, proportionate and dissuasive.

Member States shall notify those rules on sanctions by [6 months after the entry into force of this Regulation] to the Commission together with their legal basis and shall notify it without delay of any subsequent amendment affecting them.

CHAPTER - V

REPORTING OBLIGATIONS

Article 50 - Reporting of suspicious transactions

1.Obliged entities shall report to the FIU all suspicious transactions, including attempted transactions.

Obliged entities, and, where applicable, their directors and employees, shall cooperate fully by promptly:

(a)reporting to the FIU, on their own initiative, where the obliged entity knows, suspects or has reasonable grounds to suspect that funds, regardless of the amount involved, are the proceeds of criminal activity or are related to terrorist financing, and by responding to requests by the FIU for additional information in such cases;

(b)providing the FIU directly, at its request, with all necessary information.

For the purposes of points (a) and (b), obliged entities shall reply to a request for information by the FIU within 5 days. In justified and urgent cases, FIUs shall be able to shorten such a deadline to 24 hours.

2.For the purposes of paragraph 1, obliged entities shall assess transactions identified pursuant to Article 20 as atypical in order to detect those that can be suspected of being linked to money laundering or terrorist financing.

A suspicion is based on the characteristics of the customer, the size and nature of the transaction or activity, the link between several transactions or activities and any other circumstance known to the obliged entity, including the consistency of the transaction or activity with the risk profile of the client.

3.By [two years after entry into force of this Regulation], AMLA shall develop draft implementing technical standards and submit them to the Commission for adoption. Those draft implementing technical standards shall specify the format to be used for the reporting of suspicious transactions pursuant to paragraph 1.

4.The Commission is empowered to adopt the implementing technical standards referred to in paragraph 3 of this Article in accordance with Article 42 of Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final]. 

5.AMLA shall issue and periodically update guidance on indicators of unusual or suspicious activity or behaviours.

6.The person appointed in accordance with Article 9(3) shall transmit the information referred to in paragraph 1 of this Article to the FIU of the Member State in whose territory the obliged entity transmitting the information is established.

Article 51 - Specific provisions for reporting of suspicious transactions by certain categories of obliged entities

1.By way of derogation from Article 50(1), Member States may allow obliged entities referred to in Article 3, point (3)(a), (b) and (d) to transmit the information referred to in Article 50(1) to a self-regulatory body designated by the Member State.

The designated self-regulatory body shall forward the information referred to in the first sub-paragraph to the FIU promptly and unfiltered.

2.Notaries, lawyers and other independent legal professionals, auditors, external accountants and tax advisors shall be exempted from the requirements laid down in Article 50(1) to the extent that such exemption relates to information that they receive from, or obtain on, one of their clients, in the course of ascertaining the legal position of their client, or performing their task of defending or representing that client in, or concerning, judicial proceedings, including providing advice on instituting or avoiding such proceedings, whether such information is received or obtained before, during or after such proceedings.

Article 52 - Consent by FIU to the performance of a transaction

1.Obliged entities shall refrain from carrying out transactions which they know or suspect to be related to proceeds of criminal activity or to terrorist financing until they have completed the necessary action in accordance with Article 50(1), second subparagraph, point (a), and have complied with any further specific instructions from the FIU or other competent authority in accordance with the applicable law.

2.Where refraining from carrying out transactions referred to in paragraph 1 is impossible or is likely to frustrate efforts to pursue the beneficiaries of a suspected transaction, the obliged entities concerned shall inform the FIU immediately afterwards.

Article 53 - Disclosure to FIU

Disclosure of information in good faith by an obliged entity or by an employee or director of such an obliged entity in accordance with Articles 50 and 51 shall not constitute a breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, and shall not involve the obliged entity or its directors or employees in liability of any kind even in circumstances where they were not precisely aware of the underlying criminal activity and regardless of whether illegal activity actually occurred.

Article 54 - Prohibition of disclosure

1.Obliged entities and their directors and employees shall not disclose to the customer concerned or to other third persons the fact that information is being, will be or has been transmitted in accordance with Article 50 or 51 or that a money laundering or terrorist financing analysis is being, or may be, carried out.

2.Paragraph 1 shall not apply to disclosures to competent authorities and to self-regulatory bodies where they perform supervisory functions, or to disclosure for the purposes of investigating and prosecuting money laundering, terrorist financing and other criminal activity.

3.By way of derogation from paragraph 1, disclosure may take place between the obliged entities that belong to the same group, or between those entities and their branches and subsidiaries established in third countries, provided that those branches and subsidiaries fully comply with the group-wide policies and procedures, including procedures for sharing information within the group, in accordance with Article 13, and that the group-wide policies and procedures comply with the requirements set out in this Regulation.

4.By way of derogation from paragraph 1, disclosure may take place between the obliged entities as referred to in Article 3, point (3)(a) and (b), or entities from third countries which impose requirements equivalent to those laid down in this Regulation, who perform their professional activities, whether as employees or not, within the same legal person or a larger structure to which the person belongs and which shares common ownership, management or compliance control, including networks or partnerships.

5.For obliged entities referred to in Article 3, points (1), (2), (3)(a) and (b), in cases relating to the same customer and the same transaction involving two or more obliged entities, and by way of derogation from paragraph 1, disclosure may take place between the relevant obliged entities provided that they are located in the Union, or with entities in a third country which imposes requirements equivalent to those laid down in this Regulation, and that they are from the same category of obliged entities and are subject to professional secrecy and personal data protection requirements.

6.Where the obliged entities referred to in Article 3, point (3)(a) and (b), seek to dissuade a client from engaging in illegal activity, that shall not constitute disclosure within the meaning of paragraph 1.

CHAPTER VI - DATA PROTECTION AND RECORD-RETENTION

Article 55 - Processing of certain categories of personal data

1.To the extent that it is strictly necessary for the purposes of preventing money laundering and terrorist financing, obliged entities may process special categories of personal data referred to in Article 9(1) of Regulation (EU) 2016/679 and personal data relating to criminal convictions and offences referred to in Article 10 of that Regulation subject to the safeguards provided for in paragraphs 2 and 3.

2.Obliged entities shall be able to process personal data covered by Article 9 of Regulation (EU) 2016/679 provided that:

(a)obliged entities inform their customers or prospective customers that such categories of data may be processed for the purpose of complying with the requirements of this Regulation;

(b)the data originate from reliable sources, are accurate and up-to-date;

(c)the obliged entity adopts measures of a high level of security in accordance with Article 32 of Regulation (EU) 2016/679, in particular in terms of confidentiality.

3.In addition to paragraph 2, obliged entities shall be able to process personal data covered by Article 10 of Regulation (EU) 2016/679 provided that:

(a)such personal data relate to money laundering, its predicate offences or terrorist financing;

(b)the obliged entities have procedures in place that allow the distinction, in the processing of such data, between allegations, investigations, proceedings and convictions, taking into account the fundamental right to a fair trial, the right of defence and the presumption of innocence.

4.Personal data shall be processed by obliged entities on the basis of this Regulation only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of this Regulation for commercial purposes shall be prohibited.

Article 56 - Record retention

1.Obliged entities shall retain the following documents and information in accordance with national law for the purpose of preventing, detecting and investigating, by the FIU or by other competent authorities, possible money laundering or terrorist financing:

(a)a copy of the documents and information obtained in the performance of customer due diligence pursuant to Chapter III, including information obtained through electronic identification means, and the results of the analyses undertaken pursuant to Article 50;

(b)the supporting evidence and records of transactions, consisting of the original documents or copies admissible in judicial proceedings under the applicable national law, which are necessary to identify transactions.

2.By way of derogation from paragraph 1, obliged entities may decide to replace the retention of copies of the information by a retention of the references to such information, provided that the nature and method of retention of such information ensure that the obliged entities can provide immediately to competent authorities the information and that the information cannot be modified or altered.

Obliged entities making use of the derogation referred to in the first subparagraph shall define in their internal procedures drawn up pursuant to Article 7, the categories of information for which they will retain a reference instead of a copy or original, as well as the procedures for retrieving the information so that it can be provided to competent authorities upon request.

3.The information referred to in paragraphs 1 and 2 shall be retained for a period of five years after the end of a business relationship with their customer or after the date of an occasional transaction. Upon expiry of that retention period, obliged entities shall delete personal data.

The retention period referred to in the first subparagraph shall also apply in respect of the data accessible through the centralised mechanisms referred to in Article 14 of Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final].

4.Where, on [the date of application of this Regulation], legal proceedings concerned with the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing are pending in a Member State, and an obliged entity holds information or documents relating to those pending proceedings, the obliged entity may retain that information or those documents, in accordance with national law, for a period of five years from [the date of application of this Regulation].

Member States may, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings, allow or require the retention of such information or documents for a further period of five years where the necessity and proportionality of such further retention have been established for the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing.

Article 57 - Provision of records to competent authorities

Obliged entities shall have systems in place that enable them to respond fully and speedily to enquiries from their FIU or from other competent authorities, in accordance with their national law, as to whether they are maintaining or have maintained, during a five-year period prior to that enquiry a business relationship with specified persons, and on the nature of that relationship, through secure channels and in a manner that ensures full confidentiality of the enquiries.

CHAPTER VII - Measures to mitigate risks deriving from anonymous instruments

Article 58 - Anonymous accounts and bearer shares and bearer share warrants

1.Credit institutions, financial institutions and crypto-asset service providers shall be prohibited from keeping anonymous accounts, anonymous passbooks, anonymous safe-deposit boxes or anonymous crypto-asset wallets as well as any account otherwise allowing for the anonymisation of the customer account holder.

Owners and beneficiaries of existing anonymous accounts, anonymous passbooks, anonymous safe-deposit boxes or crypto-asset wallets shall be subject to customer due diligence measures before those accounts, passbooks, deposit boxes or crypto-asset wallets are used in any way.

2.Credit institutions and financial institutions acting as acquirers shall not accept payments carried out with anonymous prepaid cards issued in third countries, unless otherwise provided in the regulatory technical standards adopted by the Commission in accordance with Article 22 on the basis of a proven low risk.

3.Companies shall be prohibited from issuing bearer shares, and shall convert all existing bearer shares into registered shares by [2 years after the date of application of this Regulation]. However, companies with securities listed on a regulated market or whose shares are issued as intermediated securities shall be permitted to maintain bearer shares.

Companies shall be prohibited from issuing bearer share warrants that are not in intermediated form.

Article 59 - Limits to large cash payments

1.Persons trading in goods or providing services may accept or make a payment in cash only up to an amount of EUR 10 000 or equivalent amount in national or foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked.

2.Member States may adopt lower limits following consultation of the European Central Bank in accordance with Article 2(1) of Council Decision 98/415/EC 57 . Those lower limits shall be notified to the Commission within 3 months of the measure being introduced at national level.

3.When limits already exist at national level which are below the limit set out in paragraph 1, they shall continue to apply. Member States shall notify those limits within 3 months of the entry into force of this Regulation.

4.The limit referred to in paragraph 1 shall not apply to:

(a)payments between natural persons who are not acting in a professional function;

(b)payments or deposits made at the premises of credit institutions. In such cases, the credit institution shall report the payment or deposit above the limit to the FIU.

5.Member States shall ensure that appropriate measures, including sanctions, are taken against natural or legal persons acting in their professional capacity which are suspected of a breach of the limit set out in paragraph 1, or of a lower limit adopted by the Member States.

6.The overall level of the sanctions shall be calculated, in accordance with the relevant provisions of national law, in such way as to produce results proportionate to the seriousness of the infringement, thereby effectively discouraging further offences of the same kind.

CHAPTER VIII - FINAL PROVISIONS

Article 60 - Delegated acts

1.The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.The power to adopt delegated acts referred to in Articles 23, 24 and 25 shall be conferred on the Commission for an indeterminate period of time from [date of entry into force of this Regulation].

3.The power to adopt delegated acts referred to in Articles 23, 24 and 25 may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5.As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.A delegated act adopted pursuant to Articles 23, 24 and 25 shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of one month of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by one month at the initiative of the European Parliament or of the Council.

Article 61 - Committee

1.The Commission shall be assisted by the Committee on the Prevention of Money Laundering and Terrorist Financing established by Article 28 of Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final]. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council.

2.Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 62 - Review

By [5 years from the date of application of this Regulation], and every three years thereafter, the Commission shall present a report to the European Parliament and to the Council on the application of this Regulation.

Article 63 - Reports

By [3 years from the date of application of this Regulation], the Commission shall present reports to the European Parliament and to the Council assessing the need and proportionality of:

(a)lowering the percentage for the identification of beneficial ownership of legal entities;

(b)further lowering the limit for large cash payments.

Article 64 - Relation to Directive 2015/849

References to Directive (EU) 2015/849 shall be construed as references to this Regulation and to Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive - COM/2021/423 final] and read in accordance with the correlation table set out in Annex IV.

Article 65 - Entry into force and application

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from [3 years from its date of entry into force].

This Regulation shall be binding in its entirety and directly applicable in all Member States.