In our blog post today, Iosif Galea, iGaming consultant, explains the ins and outs of the 4th Anti-Money Laundering Directive that came into force on 26th June, 2017.
This Directive, issued by the European Union, includes some fundamental changes to the anti-money laundering procedures at firms, including changes to Customer Due Diligence (CDD), a central register for beneficial owners, and a focus on risk assessments. The following are the changes that came into force.
Changes to CDD
- CDD is required by anyone trading goods in cash with a value over €10,000 (current level is €15,000).
- CDD by casinos including remote gaming operators where customers wish to place a stake or collect winnings of at least €2,000.
As an obliged entity, a remote gaming operator would need to submit an annual compliance report with the FIAU
The submission date may be subject to interpretation depending on whether the ‘providers of gambling services’ will be grouped with Casinos – 30th of April every year – or with ‘other categories of non-financial subject persons’ – 31st of May every year.
In the event where due diligence, verifying the identity of the customer has not been conducted for other reasons previously, this will indicate the checkpoint at the lifetime total of €2,000 on the account.
Enhanced measures for local PEPs
The rules for politically-exposed persons (“PEPs”) are no longer limited. Local PEPs will now be subject to the same scrutiny as foreign PEPs. The Directive adds a note chastising firms for refusing the business of a PEP:
“The requirements relating to politically exposed persons are of a preventive and not criminal nature, and should not be interpreted as stigmatising politically exposed persons as being involved in criminal activity. Refusing a business relationship with a person simply on the basis of the determination that he or she is a politically exposed person is contrary to the letter and spirit of this Directive and of the revised FATF Recommendations.”
Why is there the emphasis on a risk-based approach?
In the Fourth Directive, the word ‘risk’ appears more often than in the previous Directives, and this is not a coincidence. In fact, in the Money Laundering Regulations (2007), ‘risk’ is mentioned 13 times. In the Third Directive, it is mentioned 36 times, while in the latest Directive, it is mentioned 149 times in order to emphasise on employing a risk-based approach to money laundering at every level. It directs states to commission national risk assessments, firms to develop risk-based policies, and practitioners to conduct CDD in a risk-based manner.The current European Gaming regulations already incorporate a risk-based approach, but the new Directive goes even further and it seems to require more documentation of the risk assessment.
For operators, this means:
- Requirement to demonstrate and document that risk assessments are conducted and kept up to date, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels.
- Written money laundering policies and procedures that take the firm’s risk assessment into consideration.
- Internal audit teams, where necessary, to test the internal policies, controls and procedures
- Training on how to conduct a risk-based CDD and ongoing monitoring.
Does the new directive expand beyond the EU borders?
Companies with majority-owned subsidiaries located in other countries where the minimum Anti-Money Laundering requirements are less strict than those of the Member State, must implement the requirements of the Member State at those subsidiaries.
What should remote gaming operators do to prepare?
Plan to roll out new AML training in Q4 of 2017, once the transposition is complete.
What should the training include? What should the training include?
- Changes incorporated in the Fourth Directive.
- How to perform and document a risk-based assessment of money laundering.
- MLRO’s should perform and document an internal risk assessment.
- MLRO’s should update policies to reflect changes to the directive and incorporate a risk-based approach.
- MLRO’s should consider adding an audit function to test procedures.
- All new policies should be reviewed and approved by senior management.