Toelichting bij COM(2021)420 - Voorkoming van het gebruik van het financiële stelsel voor witwassen of terrorismefinanciering

Dit is een beperkte versie

U kijkt naar een beperkte versie van dit dossier in de EU Monitor.


•Reasons for and objectives of the proposal

Money laundering and terrorist financing pose a serious threat to the integrity of the EU economy and financial system and the security of its citizens. Europol has estimated that around 1% of the EU’s annual Gross Domestic Product is ‘detected as being involved in suspect financial activity’ 1 . In July 2019, following a number of prominent cases of alleged money laundering involving credit institutions in the Union, the Commission adopted a package 2 analysing the effectiveness of the EU Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regime as it stood at that time, and concluding that reforms were necessary. In this context, the EU’s Security Union Strategy 3 for 2020-2025 highlighted the importance of enhancing the EU’s framework for anti-money laundering and countering terrorist financing in order to protect Europeans from terrorism and organised crime.

On 7 May 2020 the Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing 4 . In that Action Plan, the Commission committed to take measures in order to strengthen the EU’s rules on combating money laundering and terrorist financing and their implementation and defined six priorities or pillars:

1. Ensuring effective implementation of the existing EU AML/CFT framework,

2. Establishing an EU single rulebook on AML/CFT,

3. Bringing about EU-level AML/CFT supervision,

4. Establishing a support and cooperation mechanism for FIUs,

5. Enforcing EU-level criminal law provisions and information exchange,

6. Strengthening the international dimension of the EU AML/CFT framework.

While pillars 1, 5 and 6 of the Action Plan are being implemented, the other pillars demand legislative action. This proposal for a Regulation is part of an AML/CFT package of four legislative proposals that is considered as one coherent whole, in implementation of the Commission Action Plan of 7 May 2020, creating a new and more coherent AML/CFT regulatory and institutional framework within the EU. The package encompasses:

–this proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering (ML) and terrorist financing (TF);

–a proposal for a Directive 5 establishing the mechanisms that Member States should put in place to prevent the use of the financial system for ML/TF purposes, and repealing Directive (EU) 2015/849 6 ;

–a proposal for a Regulation creating an EU Authority for anti-money laundering and countering the financing of terrorism (‘AMLA’) 7 , and

–a proposal for the recast of Regulation (EU) 2015/847 expanding traceability requirements to crypto-assets 8 .

This present legislative proposal, together with a proposal for a Directive and a proposal for a recast of Regulation (EU) 2015/847, fulfils the objective of establishing an EU single rulebook (pillar 2).

Both the European Parliament and the Council lent their support to the plan set out by the Commission in the May 2020 Action Plan. In its resolution of 10 July 2020, the European Parliament called for strengthening Union rules and welcomed plans to overhaul the EU AML/CFT institutional set-up 9 . On 4 November 2020, the ECOFIN Council adopted Conclusions supporting each of the pillars of the Commission’s Action Plan 10 .

The need for harmonised rules across the internal market is corroborated by the evidence provided in the 2019 reports issued by the Commission. These reports identified that whereas the requirements of Directive (EU) 2015/849 are far-reaching, their lack of direct applicability and granularity led to a fragmentation in their application along national lines and divergent interpretations. This situation does not allow dealing effectively with cross-border situations and are therefore ill-suited to adequately protect the internal market. It also generates additional costs and burdens for operators providing cross-border services and causes regulatory arbitrage.

To address the above issues and avoid regulatory divergences, all rules that apply to the private sector have been transferred to this proposal for an AML/CFT Regulation, whereas the organisation of the institutional AML/CFT system at national level is left to a Directive, in recognition of the need for flexibility for Member States in this area.

However, the present proposal does not simply transfer provisions from the existing AML/CFT Directive to a Regulation; a number of changes of substance are made in order to bring about a greater level of harmonisation and convergence in the application of AML/CFT rules across the EU:

–in order to mitigate new and emerging risks, the list of obliged entities is expanded to include crypto-asset service providers but also other sectors such as crowdfunding platforms and migration operators;

–to ensure consistent application of rules across the internal market, requirements in relation to internal policies, controls and procedures are clarified, including in the case of groups, and customer due diligence measures are made more granular, with clearer requirements according to the risk level of the customer;

–the requirements in relation to third countries are reviewed to ensure that enhanced due diligence measures are applied to those countries that pose a threat to the Union’s financial system;

–requirements in relation to politically exposed persons are subject to minor clarifications, particularly as regards the definition of a politically exposed person;

–beneficial ownership requirements are streamlined to ensure an adequate level of transparency across the Union, and new requirements are introduced in relation to nominees and foreign entities to mitigate risks that criminals hide behind intermediate levels;

–to guide more clearly reporting of suspicious transactions, red flags raising suspicion are clarified, whereas disclosure requirements and private-to-private sharing of information remain unaltered;

–in order to ensure full consistency with EU data protection rules, requirements for the processing of certain categories of personal data are introduced and a shorter time-limit is provided for retention of personal data;

–the measures to mitigate the misuse of bearer instruments are strenghtened and a provision limiting the use of cash for large transactions is inserted in light of the proven low effect of the current approach relying on traders in goods for implementing AML/CFT requirements in relation to large cash payments.

Having directly-applicable AML/CFT rules in a Regulation, with more detail than at present in Directive (EU) 2015/849, will not only promote convergence of application of AML/CFT measures across Member States, but will also provide a consistent framework against which AMLA will be able to monitor the application of such rules in its function as a direct supervisor of certain obliged entities.

•Consistency with existing policy provisions in the policy area

This proposal takes as its starting point the existing Directive (EU) 2015/849, as amended by Directive (EU) 2018/843 11 . While it follows the current risk-based and comprehensive approach, it deepens and enhances it with a view to bringing about greater effectiveness and cross-border consistency of application of AML/CFT requirements. Building on the amendments introduced by Directive 2018/843, it streamlines beneficial ownership transparency across the internal market, addressing those aspects where a lack of granularity had created possibilities for criminals to exploit the weakest link. This proposal must be seen as part of a package, with the other legislative proposals which accompany it, fully consistent with one another.

This proposal is consistent with the latest amendments to the recommendations of the Financial Action Task Force (FATF), and in particular in relation to the expansion of the scope of entities subject to AML/CFT requirements to include crypto-asset service providers and measures to be taken by obliged entities to assess and mitigate the risks of evasion of targeted financial sanctions. In line with FATF standards, this proposal ensures a consistent approach across the Union to the mitigation of risks deriving from bearer shares and bearer share warrants. Going beyond FATF standards, it tackles risks that are specific to the Union or that have Union-level impacts, such as those deriving from migration schemes or from large cash payments.

•Consistency with other Union policies

EU legislation on AML/CFT interacts with several pieces of EU legislation in the financial services and criminal law areas. This includes EU legislation on payments and transfers of funds (Payment Services Directive, Payment Accounts Directive, Electronic Money Directive 12 ). Some examples of how coherence with other EU legislation has been ensured are the following:

–The inclusion of crypto asset service providers among the entities subject to AML/CFT rules and the introduction of information requirements for transfers of virtual assets will complement the recent Digital Finance Package of 24 September 2020 13 and will ensure full consistency between the EU framework and FATF standards.

–The approach taken to identifying entities subject to AML/CFT rules will also ensure consistency with the recently adopted Regulation on European crowdfunding service providers 14 , in that it subjects to EU AML/CFT rules crowdfunding platforms falling outside the scope of that Regulation, given that certain AML/CFT safeguards are contained in that Regulation for crowdfunding platforms subject to it.

–The amendments to rules on Customer Due Diligence (CDD) include provisions to better frame CDD in cases where remote customer onboarding is carried out, coherent with the Commission’s proposed amendment to the eIDAS Regulation in relation to a framework for a European Digital Identity 15 , including European digital identity wallets and relevant trust service, in particular electronic attestations of attributes. This is in line with the Digital Finance Strategy 16 .



•Legal basis

This proposal for a regulation is based on Article 114 TFEU, the same legal basis as the current EU AML/CFT legal framework. Article 114 is appropriate considering the significant threat to the internal market caused by money laundering and terrorist financing, and the economic losses and disruption of functioning of the single market and reputational damage on a cross-border level which this can create at the level of the Union.


In accordance with the principles of subsidiarity and proportionality as set out in Article 5 of the Treaty on European Union, the objectives of the proposal cannot be sufficiently achieved by Member States and can therefore be better achieved at the Union level. The proposal does not go beyond what is necessary to achieve those objectives.

The 2019 Commission AML package highlighted how criminals have been able to exploit the differences among Member States’ AML/CFT regimes. Flows of illicit money and terrorist financing can damage the stability and reputation of the Union financial system and threaten the proper functioning of the internal market. Measures adopted solely at national level could have adverse effects on the internal market and contribute to fragmentation. EU action is justified in order to maintain a level playing field across the Union – with entities in all Member States subject to a consistent set of anti-money laundering and combating terrorist financing obligations. The cross-border nature of much money laundering and terrorist financing makes good cooperation between national supervisors and FIUs essential to prevent these crimes. Many entities subject to AML obligations have cross-border activities, and different approaches by national supervisors and FIUs hinder them in achieving optimal AML/CFT practices at group level.


Proportionality has been an integral part of the impact assessment accompanying the proposal and all the proposed options in different regulatory fields have been assessed against the proportionality objective. The cross-border nature of much money laundering and terrorist financing requires a coherent and consistent approach across Member States based on a single set of rules in the form of a single rulebook. However, the present proposal does not adopt a maximum harmonisation approach, as being incompatible with the fundamental risk-based nature of the EU’s AML/CFT regime. In areas where specific national risks justify it, Member States remain free to introduce rules going beyond those laid out in the present proposal.

•Choice of the instrument

A Regulation of the European Parliament and of the Council is an appropriate instrument to contribute to the creation of a single rulebook, being directly and immediately applicable, and thus removing the possibility of differences in application in different Member States due to divergences in transposition. A directly-applicable set of rules at EU level is also needed in order to allow EU-level supervision of certain obliged entities, which is proposed in the draft regulation creating AMLA accompanying the present proposal.



•Ex-post evaluations/fitness checks of existing legislation

A full ex-post evaluation of the current EU AML/CFT regime has not yet taken place, against the background of a number of recent legislative developments. Directive (EU) 2015/849 was adopted on 20 May 2015, with a transposition deadline for Member States of 26 June 2017. Directive (EU) 2018/843 was adopted on 30 May 2018, with a transposition deadline of 10 January 2020. Transposition control is still ongoing. However, the Commission Communication of July 2019 and accompanying reports referred to above serve as an evaluation of the effectiveness of the EU AML/CFT regime as it stood at that point in time.

•Stakeholder consultations

The consultation strategy supporting this proposal was composed of a number of components:

–A consultation on the roadmap announcing the Commission’s Action Plan. The consultation, on the Commission’s Have Your Say portal, ran between 11 February and 12 March 2020, and received 42 contributions from a range of stakeholders;

–A public consultation on the actions put forward in the Action Plan, open to the general public and all stakeholder groups, launched on 7 May 2020, and open until 26 August. The consultation received 202 official contributions;

–A targeted consultation of Member States and competent AML/CFT authorities. Member States had the opportunity to give their views in various meetings of the Expert Group on Money Laundering and Terrorist Financing, and EU FIUs made input in meetings of the FIU Platform and via written papers. The discussions were supported by targeted consultations of Member States and competent authorities, using questionnaires;

–A request for advice from the European Banking Authority, made in March 2020; the EBA provided its opinion on 10 September;

–On 23 July 2020, the EDPS issued an opinion on the Commission’s Action Plan;

–On 30 September 2020, the Commission organised a high-level conference, bringing together representatives from national and EU authorities, MEPs, private sector and civil society representatives and academia.

Stakeholder input on the Action Plan was broadly positive.

•Collection and use of expertise

In preparing this proposal, the Commission relied on qualitative and quantitative evidence collected from recognised sources, including technical advice from the European Banking Authority. Information on enforcement of AML rules was also obtained from Member States via questionnaires.

•Impact assessment

This proposal is accompanied by an impact assessment 17 , which was submitted to the Regulatory Scrutiny Board (RSB) on 6 November 2020 and approved on 4 December 2020. The same impact assessment also accompanies the other legislative proposals which are presented together with the present proposal. The RSB proposed various presentational improvements to the impact assessment in its positive opinion; these have been made.

In the impact assessment the Commission considered three problems: lack of clear and consistent rules, inconsistent supervision across the internal market and insufficient coordination and exchange of information among FIUs. The first of those problems is relevant for the present proposal; on that problem the following options were considered:

1. EU rules would remain as they are with no modifications;

2. Ensure a greater level of harmonisation in the rules that apply to obliged entities and leave it to Member States to detail the powers and obligations of competent authorities;

3. Ensure a greater level of harmonisation in the rules that apply to entities subject to AML/CFT obligations and the powers and obligations of supervisors and FIUs;

Based on the outcome of the impact assessment, option 3 is the preferred option. By introducing a consistent and more granular approach to the rules at EU level, it would allow to remove the current fragmentation both as regards AML/CFT obligations for obliged entities, and the activities of competent authorities. For obliged entities which are active cross-border, it will bring about a level playing field as regards AML/CFT rules and involve savings in implementation costs. Greater detection and deterrence of ML/TF will be promoted.

Annex VI of the Impact Assessment examines the different areas for greater harmonisation of rules, including the list of obliged entities, CDD measures, CDD threshold for occasional transactions, AML/CFT policies, controls and procedures requirements, Crypto-Asset Service Providers and beneficial ownership transparency.

Annex VIII of the Impact Assessment analyses a revised approach to third countries which pose a threat to the Union’s financial system and to the internal market as a whole; the present proposal implements that new approach.

Annex IX of the Impact Assessment analyses the introduction of limits to large cash transactions; the present proposal implements that new approach.

•Regulatory fitness and simplification

Although, as noted above, no formal ex-post evaluation or fitness check of existing EU AML/CFT legislation has yet taken place, a number of points can be made with regard to elements of the proposal which will further simplification and improve efficiency. Firstly, the replacement of certain rules in a Directive with more harmonised and directly applicable rules in a Regulation will remove the need for transposition work in the Member States and facilitate doing business for cross-border entities in the EU. Moreover, the removal from the scope of the EU AML/CFT framework of traders in goods, linked to the proposed prohibition on cash operations over EUR 10 000, will release such traders from the administrative burden of applying AML/CFT requirements in relation to cash operations exceeding EUR 10 000. Finally, the greater degree of harmonisation of AML rules in a number of specific areas will facilitate the implementation of group-wide internal policies, controls and procedures across the internal market.

•Fundamental rights

The EU is committed to ensuring high standards of protection of fundamental rights. In particular, safeguards for the handling of personal data by obliged entities are introduced to ensure compliance with the relevant data protection requirements 18 , and in particular in relation to certain categories of personal data of a more sensitive nature.



This Regulation has no budgetary implications.



•Implementation plans and monitoring, evaluation and reporting arrangements

The proposal includes a general plan for monitoring and evaluating the impact on the specific objectives, requiring the Commission to carry out a first review five years after the date of application of the Regulation (and every three years thereafter), and to report to the European Parliament and the Council on its main findings. The proposal for an AML/CFT Directive accompanying this present proposal has the same evaluation provisions, and the evaluation of the two instruments can be combined in one report. The review is to be conducted in line with the Commission’s Better Regulation Guidelines.

•Detailed explanation of the specific provisions of the proposal


Subject matter and scope, including list of Obliged Entities

While most definitions are carried over from the current EU AML/CFT legislation, a number of definitions are added, adapted or updated.

The range of entities defined as Obliged Entities under current EU AML/CFT legislation and thus subject to EU AML/CFT rules is amended in the following ways: the scope of crypto-asset service providers (CASPs) is aligned with that of the Financial Action Task Force and thus widened compared with the current Directive; crowdfunding service providers which fall outside the scope of Regulation (EU) 2020/1503 are added; creditors for mortgage and consumer credits as well as mortgage and consumer credit intermediaries that are not credit institutions or financial institutions are added to ensure a level playing field between operators providing the same kind of services; operators involved on behalf of third country nationals in the context of investor residence schemes are added 19 ; traders in goods are removed (hitherto, these had an obligation to report cash transactions of a value over EUR 10 000), except for dealers in precious metals and stones, who, given the exposure to money laundering and terrorist financing risks of the sector, should continue to apply AML/CFT requirements.


Internal policies controls and procedures

The requirement on obliged entities to have in place a policy to identify and assess the risks of money laundering and terrorist financing they are facing, with a risk-based approach, and to mitigate those risks builds on current EU AML/CFT legislation but provides more clarity on the requirements. Obliged entities must take all measures at the level of their management to implement internal policies, controls and procedures, including the appointment of a dedicated compliance manager, and ensure that responsible staff are appropriately trained. The requirement to allocate a member of the staff to the role of compliance officer and the tasks of such role are clarified. Clarifications are provided in relation to the requirements that apply to groups, to be further complemented by regulatory technical standards detailing minimum requirements, the role of parent entities that are not themselves obliged entities and the conditions under which other structures such as networks and partnerships should apply group-wide measures. The requirements applicable to groups with branches operating in third countries are maintained.


Customer due diligence

While most provisions on Customer Due Diligence (CDD) are carried over from existing EU AML/CFT legislation, a number of clarifications and additional details are laid down in this proposal regarding CDD. The fundamental objective of CDD is clarified as being to obtain sufficient knowledge of customers enabling obliged entities to determine the money laundering and terrorist financing risks of business relationships or occasional transactions and to decide the corresponding mitigating measures which they need to apply. More specific and detailed provisions are laid down on the identification of the customer and on the verification of the customer’s identity. The conditions for the use of electronic identification means as set out by Regulation (EU) No 910/2014 20 are clarified. AMLA is empowered and required to produce regulatory technical standards on the standard datasets for identifying natural and legal persons; these RTS will include specific simplified CDD measures that obliged entities may implement in case of lower risk situations identified in the Supranational Risk Assessment that the Commission is required to draw up. Rules on simplified and enhanced due diligence measures are detailed.


Third country policy

The policy regarding third countries is adapted. The Commission will identify third countries either taking into account the public identification by the relevant international standard-setter (the FATF) or on the basis of its own autonomous assessment. Third countries so identified by the Commission will be subjected to two different sets of consequences, proportionate to the risk they pose to the Union’s financial system: (i) third countries subject to all enhanced due diligence measures and to additional country-specific countermeasures; and (ii) third countries subject to country-specific enhanced due diligence measures. In principle, third countries “subject to a call for action” by the FATF will be identified by the Commission as high-risk third countries. Due to the persistent nature of the serious strategic deficiencies in their AML/CFT framework, all enhanced due diligence measures will apply to them as well as country-specific countermeasures to proportionately mitigate the threat. Third countries with compliance weaknesses in their AML/CFT regimes, defined as “subject to increased monitoring” by the FATF, will in principle be identified by the Commission and subject to country-specific enhanced due diligence measures, proportionate to the risks. The Commission may also identify third countries, which are not listed by the FATF, but which pose a specific threat to the Union’s financial system and which, on the basis of that threat, will be subject either to country-specific enhanced due diligence measures or, where appropriate, to all enhanced due diligence measures and to countermeasures. In assessing the level of threat stemming from those third countries, the Commission may build on the technical expertise of AMLA. Finally, AMLA will develop guidelines on money laundering and terrorist financing risks, trends and methods, which do not have a country-specific dimension, but rather stem from geographical areas outside the Union and advise obliged entities accordingly on the opportunity to implement measures to mitigate them. This revised approach to third countries aims at ensuring that external threats to the Union’s financial system and the proper functioning of the internal market are effectively mitigated, by implementing a harmonised approach at EU level and ensuring more granularity and proportionality in the definition of the consequences attached to the listing, on a risk-sensitive basis.


Politically Exposed Persons (PEPs)

The provisions on PEPs are based on the current AML/CFT legislation, with an obligation on Member States to draw up lists of functions which confer PEP status on their territory, and obligations on obliged entities to subject PEPs to enhanced CDD measures, on a risk-based approach. The requirements applicable to persons who no longer hold prominent public functions are laid down in legislation.


Reliance and outsourcing

Building on the current rules, the proposal clarifies the respective conditions for the resort to reliance on CDD already performed by other obliged entities and outsourcing of functions to other entities or service providers. The proposal maintains that in either situation the ultimate responsibility for conformity with the rules remains with the obliged entity. A risk-based approach must be applied and providers based in high-risk third countries, countries with compliance weaknesses as well as in any other country that poses a threat to the Union’s financial system must not be relied upon or outsourced functions to.


Beneficial ownership information

The provisions on beneficial ownership information in the proposal build on those in current EU AML/CFT legislation, including the concept of beneficial ownership and the requirement for all corporate and other legal entities to obtain and hold adequate, accurate and current beneficial ownership information. More detailed rules are provided to identify the beneficial owner(s) of corporate and other legal entities, and a harmonised approach to the identification of beneficial ownership is laid down. With regard to express trusts and similar legal entities or arrangements, provisions are provided to ensure the consistent identification of beneficial owners across Member States when similar situations are faced, including an empowerment for a Commission implementing act. The proposal includes disclosure requirements for nominee shareholders and nominee directors, and introduces the obligations to register their beneficial ownership in the Union for non-EU legal entities that either enter into a business relationship with an EU obliged entity or acquire real estate in the Union.


Reporting obligations

The provisions on reporting of suspicious transactions to FIUs (or to a self-regulatory body, if a Member State would provide for that) are based on those in current EU AML/CFT legislation. Clearer rules are provided on how transactions are to be identified. In order to facilitate obliged entities’ compliance with their reporting obligations and allow for a more effective functioning of the FIUs’ analytical activities and cooperation, AMLA will develop draft implementing technical standards specifying a common template for the reporting of suspicious transactions to be used as a uniform basis throughout the EU.


Data protection

The EU General Data Protection Regulation (Regulation (EU) 2016/679) applies to the processing of personal data for the purposes of this proposal. The proposal clarifies the conditions that apply to the processing of certain categories of personal data of a more sensitive nature by obliged entities. Obliged entities must retain records of certain personal data for five years.


Measures to mitigate the risks of misuse of bearer instruments

The proposal contains a provision preventing traders in goods or services from accepting cash payments of over EUR 10 000 for a single purchase, while allowing Member States to maintain in force lower ceilings for large cash transactions. This ceiling does not apply to private operations between individuals. The Commission must assess the benefits and impacts of further lowering of this threshold within three years of application of the proposed Regulation. The provision and custody of anonymous crypto-asset wallets are prohibited. Companies that are not listed are prohibited from issuing bearer shares and are required to register those shares. The issuance of bearer share warrants is only allowed in intermediated form.


Final provisions

Provisions for the adoption by the Commission of delegated acts under Article 290 of the Treaty are laid down. The Regulation will enter into force on the twentieth day after publication in the Official Journal and become applicable 3 years after its entry into force. The Commission must review and evaluate this Regulation within five years of its application and every three years thereafter.