AMLD5 Guide

AMLD5 Guide

Welcome to the Holland FinTech AMLD5 Web Guide

Fighting Money Laundering has become a key element of financial services. Payment institutions, asset managers and especially banks carry a large responsibility as gate keeper of the financial services domain. In 2015, the European Committee issued the 4th Anti Money Laundering Directive, that required a stronger focus on Money Laundering by financial institutions, and has lead to many fines for non-compliance over the past years. In 2018, EU decided to introduce the AMLD5 directive after the outbreak of high-profile political scandals and terrorist attacks all across Europe. The new level of money laundering acts hit European lawmakers, and they had to make amendments to AMLD4 to provide financial institutions better protection. These new rules should have been translated into national law on 10 January 2020. 

And while these new regulations were not yet implemented, new adoptions were deemed necessary, through a 6th directive, AMLD6 expands criminal liability to legal persons, including companies and partnerships and sentences may include additional sanctions and fines, which could result in a forced halt to the company’s operations. 

This makes a complex environment for financial institutions to comply with, and as we can read in a news article from early 2021, many financial institutions are ill prepared. Therefore we have create a guide for you, to help you understand the changes that are being brought by AMLD5.  In the Netherlands, the AMLD5 regulation has been implemented since 21 May 2020 in Dutch law (WwFT – Wet ter voorkoming van witwassen en financieren van terrorisme).

In the web guide below, you will find applicability, comments, tips and tricks and a reference to the amendment text, in the original document – Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018, which can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018L0843.   

We are really proud and thankful to have been able to collaborate with our member law firms below. Together, we hope to give you a handhold to further explore the changes to the Anti Money Laundering directive, and allow you to keep criminal activities out of financial services.

Amendment ref. 01 – Article 01 / Article 02 (1) / point (3)

point (3) of Article 2(1) is amended as follows:
  • (a) point (a) is replaced by the following:
    • ‘(a) auditors, external accountants, and tax advisors, and any other person that undertakes to provide, directly or by means of other persons to which that other person is related, material aid, assistance or advice on tax matters as principal business or professional activity;’;
  • (b) point (d) is replaced by the following:
    • ‘(d) estate agents including when acting as intermediaries in the letting of immovable property, but only in relation to transactions for which the monthly rent amounts to EUR 10 000 or more;’;
  • (c) the following points are added:
    • ‘(g) providers engaged in exchange services between virtual currencies and fiat currencies;
    • (h) custodian wallet providers;
    • (i) persons trading or acting as intermediaries in the trade of works of art, including when this is carried out by art galleries and auction houses, where the value of the transaction or a series of linked transactions amounts to EUR 10 000 or more;
    • (j) persons storing, trading or acting as intermediaries in the trade of works of art when this is carried out by free ports, where the value of the transaction or a series of linked transactions amounts to EUR 10 000 or more.’;
Natural or legal persons acting in the exercise of their professional activitities as described in the Directive.
This article broadens the scope of the applicability of the Directive. The extension of the scope of this Directive concerns natural or legal persons in the exercise of their professional activities inter alia persons storing, trading, or acting as intermediaries in the trade in works of art if the value of the transaction(s) exceeds EUR 10.000. Another extension of AML5 concerns estate agents, which includes the situation in which an estate agent acts intermediary in the letting of immovable property. This however only applies to the situation in which the transactions of the monthly rents amount to EUR 10.000 or more. The most significant change in the Directive is the extension of the scope regarding providers that are engaged in exchange services between virtual currencies and fiat currencies and providers of custodian wallet papers. Currently, virtual currencies (such as Bitcoin, Etherium, and Litecoin) are not supervised in the European Union. Therefore, they are used for money laundering and/or financing terrorism, which is why the scope of AML4 is extended with AML5. By amending the Directive it will become possible for competent authorities to monitor the use of virtual currencies in order to combat money laundering and terrorist financing. Crypto exchange platforms that fall within the scope of AML5 are characterized by the fact that crypto can be converted into fiat money and vice versa by using an exchange platform. An example of crypto exchange platforms are platforms that provide the possibility to users to buy or sell crypto in exchange for fiat money. Custodian wallet providers only fall within the scope of AML5 if they have access to both the public and private keys of the user. Therefore, the scope of AML5 does not include crypto storage wallets that only have the public key of the user as part of their services. The credit and financial institutions that are subjected to the new rules of AML5 remain the same as in AMLD4.
As of 21 May 2020 more natural or legal persons will fall within the scope of the AML Directive because the scope is extended. This means that various AML obligations will apply to them. Therefore, these natural or legal persons should conduct risk assessments and client investigations. They also need to monitor client transactions and report unusual transactions to the competent FIU. Additionally, they need to have adequate policies in order to combat the risks of money laundering and control terrorist financing. In addition, directors have to be reliable and suitable in order to carry out the AML obligations. Finally, these institutions need to be registered with a competent supervisory authority. For crypto service providers that are active in the Netherlands, this means that they need to be registered by De Nederlandsche Bank (DNB). DNB qualifies a company as a crypto service provider if it provides, in a professional capacity or on a commercial basis, services for the exchange between virtual and regular currencies, or services for the provision of custodian wallets, or both. The obligation to register applies to both new and existing service providers. Existing service providers fall under a six-month transitional regime, which starts 21 May 2020, under which they do not have to comply with the registration requirement, nor with the requirement to have their policymakers assessed for fitness and propriety. However, they must have submitted a request for registration and have applied for fit and proper assessments of their policymakers by 21 May 2020, the date the Act implementing amendments to the Fourth Anti-Money Laundering came into force in the Netherlands. If the registration process is not completed within six months, the service provider must cease its activities. The documents that a service provider needs to submit are as follows: a business plan, initial fit and proper assessments for policymakers, documents regarding governance, documents regarding sound operational management, and documents regarding ethical business operations. DNB published explanatory notes for the registration as a crypto service provider. Virtual currencies can often be used as a means of payment. However, they could also be used for other purposes such as means of exchange or as an investment. Therefore, virtual currencies should not be confused with electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC of the European Parliament and of the Council, with the larger concept of ‘funds’ as defined in point (25) of Article 4 of Directive (EU) 2015/2366 of the European Parliament and of the Council, nor with a monetary value stored on instruments exempted as specified in points (k) and (l) of Article 3 of Directive (EU) 2015/2366, nor with in-games currencies, that can be used exclusively within a specific game environment.
Art. 2 (1) (3) (a) is implemented in art. 1a (4) (a and b) Prevention of Money Laundering and Terrorist Financing Act (new). Art. 2 (1) (3) (d) is implemented in art. 1a (4) (h) Prevention of Money Laundering and Terrorist Financing Act (new). Art. 2 (1) (3) (g) is implemented in art. 1a (4) (l) Prevention of Money Laundering and Terrorist Financing Act (new). Art. 2 (1) (3) (h) is implemented in art. 1a (4) (m) Prevention of Money Laundering and Terrorist Financing Act (new). Art. 2 (1) (3) (i) is implemented in art. 1a (4) (j) Prevention of Money Laundering and Terrorist Financing Act (current regulation). Art. 2 (1) (3) (j) does not require implementation, because free ports do not exist in the Netherlands.

Amendment ref. 02 – Article 01 / Article 03

Article 3 is amended as follows:
  • (a) point (4) is amended as follows:
    • (i) point (a) is replaced by the following:
      • ‘(a) terrorist offences, offences related to a terrorist group and offences related to terrorist activities as set out in Titles II and III of Directive (EU) 2017/541 (*1);(*1) Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6).’;”
    • (ii) point (c) is replaced by the following:
      • ‘(c) the activities of criminal organisations as defined in Article 1(1) of Council Framework Decision 2008/841/JHA (*2);(*2) Council Framework Decision 2008/841/JHA of 24 October 2008 on the fight against organised crime (OJ L 300, 11.11.2008, p. 42).’;”
  • (b) in point (6), point (b) is replaced by the following:
    • ‘(b) in the case of trusts, all following persons:
      • (i) the settlor(s);
      • (ii) the trustee(s);
      • (iii) the protector(s), if any;
      • (iv) the beneficiaries or where the individuals benefiting from the legal arrangement or entity have yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates;
      • (v) any other natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means;’;
  • (c) point (16) is replaced by the following:
    • ‘(16) “electronic money” means electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC, but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;’;
  • (d) the following points are added:
    • ‘(18) “virtual currencies” means a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically;
    • (19) “custodian wallet provider” means an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.’;
All Obliged Entities
This paragraph provides for some minor amendments to a few existing definitions of AMLD4 and includes the definitions of ‘virtual currencies’ and ‘custodian wallet providers’ to the anti-money laundering legislation. AMLD5 qualifies virtual currency exchange platforms (providers engaged in exchange services between virtual currencies and fiat currencies) and custodian wallet providers as ‘obliged entities’. As a result, these cryptocurrency exchanges and custodian wallet providers will, among other things, be subject to obligations to implement preventative measures and report suspicious activity, which means that these entities have to apply customer due-diligence controls when exchanging virtual for fiat currencies. AMLD5 aims to minimise the anonymity associated with transactions in virtual currency and the concealment of such transactions. Virtual currencies AMLD5 provides the first definition of virtual currency that covers all its potential uses, such as means of payment, means of exchange, investment, store-of-value products or use in online casinos. The definition is broad and not only limited to payment-like tokens such as Bitcoin. AMLD5 definition of virtual currencies contains four elements that are relevant, namely: (i) a digital representation of value, (ii) that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, (iii) is accepted by natural or legal persons, as a means of exchange, and (iv) which can be transferred, stored and traded electronically.
  • i. The value of virtual currency is primarily displayed in digital form, but this definition does not preclude the value from being displayed physically, for example, via a print or an engraved metal object. A digital representation of value shows strong similarity to the monetary concept of ‘unit of account’ but is broader as it includes the possibility of considering virtual currency as private money or as a commodity (merchandise). It also does not refer to a standard numerical unit of account for measuring the value of the cost of goods, services, assets or liabilities, as it is generally assumed that such a unit of account should be stable over time. This is not yet the case for virtual currencies.
  • ii. Virtual currencies are not issued by a central bank, other public authorities or government agencies. If this is the case, it is fiduciary currency, regardless of what the (physical or digital) form is. This is also the difference between e-money and virtual currency: virtual currencies are not (necessarily) linked to fiduciary currencies, i.e. virtual currencies have no fixed counterpart to fiduciary currencies and cannot be redeemed for a nominal value by the issuer of the virtual currency. Electronic money, on the other hand, is a value of money which is stored electronically, enabling payment transactions to be made and payments to be made to persons other than the issuer of the electronic money.
  • iii. Virtual currency can be used as a ‘means of exchange’ to get goods and services from one holder to another. It is a direct exchange, i.e. there is no need for an exchange system (such as a system where money is used as a means of exchange to match the value of the goods and/or services). The extent to which a given virtual currency is accepted by economic operators as a direct exchange varies from virtual currency to virtual currency. In addition, a virtual currency may deliberately be designed for broad or limited use.
  • iv. Virtual currencies can be transferred electronically from one user to another, stored on an electronic device or server, or traded electronically. However, this does not exclude the possibility that a physical transfer may also take place, that copies of virtual currency may be stored in other ways (e.g. via documents or coins) or that virtual currency may be traded in other ways. The potential function of virtual currency as a “value asset for the future” (hoarding asset) does not necessarily imply that this value will remain stable over time or that it will not be subject to inflation or deflation.
The purpose of this definition is to distinguish virtual currencies from fiduciary currencies and in particular from electronic money which is a digital representation of fiduciary currencies. Money (or fiduciary currency is money that derives its value from the trust placed in it) has three functions, namely as a) unit of account, b) means of exchange and c) means of value for the future (means of hoarding). Virtual currencies have the potential to perform one or more of these functions. However, the definition of virtual currency as explained above shows that virtual currency does not perform these functions in an equivalent way, at the same time or to the same extent as money. Custodian wallet providers AMLD5 broadens the scope to custodian wallet providers, which are defined as ‘entities that provide services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies’. A crypto wallet provides information about a user’s crypto balance and encompasses the public and private key belonging to that crypto. The public key is similar to a bank account number; the private key is similar to a PIN code and is used to sign a crypto transaction. Not every provider of a virtual currency wallet falls within the scope of AMLD5. AMLD5 definition only includes wallet providers that maintain ‘control’ (via a private key) over users’ wallets, vis-à-vis software wallet providers that offer applications or programmes running on users’ hardware (i.e. computer, smartphone and tablet) to access public information from a distributed ledger and access the network (without having access to or control over the user’s private keys). AMLD5 defines ‘control’ as the ability to hold, store or transfer virtual currency. AMLD5 provides that this applies in any case to providers that hold the private key of their users, even if the private key is shared with more than one user in addition to the provider. However, these situations are not exhaustive. If the provider can dispose of the virtual currency of the user in another way, he is also considered a provider of a custodian wallet. The ratio behind this is that providers of custody wallets that control the virtual currency of their users should be able to conduct due diligence on their customers and monitor transactions. They are therefore brought within the scope of AMLD4. Providers of non-custodian wallets, such as “software” wallets, offer applications or physical devices (like a USB key) for users to access and store their virtual currency and give them insight into the balance of their virtual currency. Unlike custodian wallet providers, these providers do not have access to the virtual currencies of their users, as they do not safeguard keys on behalf of their users.
Recitals 8 until 11 of AMLD5 provide for further context where the definitions of virtual currencies and custodian wallet providers would apply, to help avoid confusion with other definitions. Local currencies, also known as complementary currencies, that are used in very limited networks such as a city or a region and among a small number of users should not be considered to be virtual currencies.
  1. Adjustment article 3 (4) AMLD4: implementation through existing regulations and therefore no amendments were required.
  2. Adjustment article 3 (6) AMLD4: implementation through existing regulations (article 3 (3) Implementing Decision Wwft) and therefore no amendments were required.
  3. Adjustment article 3 (16) AMLD4: implementation through existing regulations (article 1 (1) Wwft) and therefore no amendments were required.
  4. Adjustment article 3 (18 & 19) AMLD4: implemented in article 1 (1) Wwft.

Amendment ref. 03 – Article 01 / Article 06

Article 6 is amended as follows:

  • (a) in paragraph (2), points (b) and (c) are replaced by the following:
    • ‘(b) the risks associated with each relevant sector including, where available, estimates of the monetary volumes of money laundering provided by Eurostat for each of those sectors;
    • (c) the most widespread means used by criminals to launder illicit proceeds, including, where available, those particularly used in transactions between Member States and third countries, independently of the identification of a third country as high-risk pursuant to Article 9(2).’;
    • (b) paragraph (3) is replaced by the following:
      • ‘3. The Commission shall make the report referred to in paragraph 1 available to Member States and obliged entities in order to assist them to identify, understand, manage and mitigate the risk of money laundering and terrorist financing, and to allow other stakeholders, including national legislators, the European Parliament, the European Supervisory Authorities (ESAs), and representatives from FIUs, to better understand the risks. Reports shall be made public at the latest six months after having been made available to Member States, except for the elements of the reports which contain classified information.’;
European Commission, Member States and also indirectly applicable to obliged entities.

Situation under AMLD4
Pursuant to article 6 of AMLD4, the Commission shall conduct a risk assessment on the risks of money laundering and terrorism financing that could affect the European internal market. The findings of this risk assessment are laid down in an assessment report and at least cover the greatest risks associated with:

  • (i) areas of the internal market,
  • (ii) each relevant sector and
  • (iii) the most widespread means used by criminals to launder illicit proceeds.

The report is made available to the Member States and obliged entities. The aim is to create understanding about and to mitigate the AML/CFT risks. Other stakeholders such as national legislators, the European Parliament, the European Supervisory Authorities and FIU’s can also benefit from these reports.

The Commission will also give recommendations to the Members States on how to mitigate AML/CFT risks. If a Member State does not implement these recommendations in national legislation, it should notify and explain to the Commission why it derogates from the recommendation.

Amendments pursuant to AMLD5
Article 1, paragraph 3 of the AMLD5 adds several aspects that should be covered by the Commission´s report. For example, the report shall include per relevant sector estimates of monetary volumes of money laundering. These estimates are provided by Eurostat. Also, the report shall provide information about the specific illicit means that are used in transactions between the Members States and third countries.

Also new is that the full report shall be made public at least six months after it has been shared with the Members States. Classified information will be redacted from the report.
These amendments are mainly aimed at the Commission and provide more specific guidelines for the content of the report.

The fact that the Commission’s report is made public, means that obliged entities should take note of the information contained therein as it may prove useful for formulating your entities’ AML-CFT risk appetite. For instance, if you deal with a lot of clients in specific sectors that are deemed riskier according to the Commission’s report, this could be a reason to review existing AML/CFT procedures. It is also likely that supervisors like AFM and DNB will be more strict in their supervision when it comes to dealings with businesses that – according to the report – are more often used for money laundering. Therefore, it is important for obliged entities to monitor risk factors stated in the reports.
Article 6 (2b) No need for implementation due to the nature of the provision. Article 6 (2c) No need for implementation due to the nature of the provision. Article 6 (3) No need for implementation due to the nature of the provision.

Amendment ref. 04 – Article 01 / Article 07

Article 7 is amended as follows:
  • (a) in paragraph (4), the following points are added:
    • ‘(f) report the institutional structure and broad procedures of their AML/CFT regime, including, inter alia, the FIU, tax authorities, and prosecutors, as well as the allocated human and financial resources to the extent that this information is available;
    • (g) report on national efforts and resources (labor forces and budget) allocated to combat money laundering and terrorist financing.’;
  • (b) paragraph 5 is replaced by the following:
    • ‘5. The Member States shall make the results of their risk assessments, including their updates, available to the Commission, the ESAs, and the other Member States. The other Member States may provide relevant additional information, where appropriate, to the Member State carrying out the risk assessment. A summary of the assessment shall be made publicly available. That summary shall not contain classified information.’;
Member states
Article 7 of this Directive contains the obligation to conduct a national risk assessment and maintain the currency of this assessment. Because it is important for the European Union to take an integrated approach on the compliance of national AML/CFT regimes, the obligation for the Commission to conduct a risk assessment, following from article 6, has to be based on the national AML/CFT regimes. This will allow monitoring of the correct transposition of the Union requirements in national AML/CFT regimes, the effective implementation of those requirements and the capacity of those regimes to achieve an effective preventive framework. The amendment of article 7 of AMLD5 contains the obligation for member states to report the institutional structure and broad procedures of their AML/CFT regime, which includes the FIU (in the Netherlands this is the Finance Intelligence Unit Nederland), tax authorities and prosecutors. This also concerns the allocated human and financial resources to the extent that information is available. The member states also have to report on national efforts and resources allocated to combat money laundering and terrorist financing. Additionally, member states have to make the results of their risk assessments available to the Commission, the ESAs and the other Member States. This enables other member states to provide additional information to the member state carrying out the risk assessment. Next to that, the member state should make a summary of the assessment publicly available.
Article 7 (4) does not require implementation. Article 7 (5) is implemented in article 1f (1) Prevention of Money Laundering and Terrorist Financing Act (new).

Amendment ref. 05 – Article 01 / Article 09

Article 9 is amended as follows:
  • (a) paragraph 2 is replaced by the following:
    • ‘2. The Commission is empowered to adopt delegated acts in accordance with Article 64 in order to identify high-risk third countries, taking into account strategic deficiencies in particular in the following areas:
      • (a) the legal and institutional AML/CFT framework of the third country, in particular:
        • (i) the criminalisation of money laundering and terrorist financing;
        • (ii) measures relating to customer due diligence;
        • (iii) requirements relating to record-keeping;
        • (iv) requirements to report suspicious transactions;
        • (v) the availability of accurate and timely information of the beneficial ownership of legal persons and arrangements to competent authorities;
      • (b) the powers and procedures of the third country’s competent authorities for the purposes of combating money laundering and terrorist financing including appropriately effective, proportionate and dissuasive sanctions, as well as the third country’s practice in cooperation and exchange of information with Member States’ competent authorities;
      • (c) the effectiveness of the third country’s AML/CFT system in addressing money laundering or terrorist financing risks.’;
        • (b) paragraph 4 is replaced by the following:
          • ‘4. The Commission, when drawing up the delegated acts referred to in paragraph 2, shall take into account relevant evaluations, assessments or reports drawn up by international organizations and standard setters with competence in the field of preventing money laundering and combating terrorist financing.’;
European Commission
The European Commission is empowered to identify third-country jurisdictions that have strategic deficiencies in their national AML/CFT regimes that pose significant threats to the financial system of the Union (‘high-risk third countries’), in order to protect the proper functioning of the internal market. The Commission must have access to the necessary information to identify these high-risk third countries. This provision clarifies that the review also pertains to the availability of accurate and timely information to identify beneficial owners of legal entities and arrangements and to shortcomings in effective, proportionate and dissuasive sanctions, as well as the third country’s practice in cooperation and exchange of information with other competent authorities. Furthermore, this provision provides for textual amendments.
By its nature, the provision does not require implementation in Dutch law.

Amendment ref. 06 – Article 01 / Article 10

in Article 10, paragraph 1 is replaced by the following:
  • ‘1. The Member States shall prohibit their credit institutions and financial institutions from keeping anonymous accounts, anonymous passbooks, or anonymous safe-deposit boxes. The Member States shall, in any event, require that the owners and beneficiaries of existing anonymous accounts, anonymous passbooks or anonymous safe-deposit boxes be subject to customer due diligence measures no later than 10 January 2019 and in any event before such accounts, passbooks, or deposit boxes are used in any way.’;
Credit institutions and financial institutions
Under AMLD4, credit institutions and financial institutions are prohibited to keep anonymous accounts and anonymous passbooks. This provision of AML5 builds on this existing prohibition, by determining that credit institutions and financial institutions are also prohibited to keep anonymous safe-deposit boxes in addition to anonymous accounts and anonymous passbooks. Identification of the actual holders of safe-deposit boxes must be possible. Furthermore, owners and beneficiaries of existing anonymous accounts, anonymous passbooks or anonymous safe-deposit boxes must be subject to customer due diligence measures. This provision determines that these owners and beneficiaries needed to be subjected to the customer due diligence measures no later than 10 January 2019.
Credit institutions and financial institutions must have available specific and complete information on the identity of real holders of safe-deposit boxes. The date before which customer due diligence measures needed to be applicable to existing anonymous accounts, anonymous passbooks or anonymous safe-deposit boxes has passed.
The amendment is implemented by means of existing regulations (Article 53 of the Dutch State Taxes Act).

Amendment ref. 07 – Article 01 / Article 12

Article 12 is amended as follows:
  • (a) paragraph 1 is amended as follows:
    • (i) in the first subparagraph, points (a) and (b) are replaced by the following:
      • ‘(a) the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150 which can be used only in that Member State;
      • (b) the maximum amount stored electronically does not exceed EUR 150;’;
    • (ii) the second subparagraph is deleted;
      • (b) paragraph 2 is replaced by the following:
        • ‘2. Member States shall ensure that the derogation provided for in paragraph 1 of this Article is not applicable in the case of redemption in cash or cash withdrawal of the monetary value of the electronic money where the amount redeemed exceeds EUR 50, or in the case of remote payment transactions as defined in point (6) of Article 4 of the Directive (EU) 2015/2366 of the European Parliament and of the Council (*3) where the amount paid exceeds EUR 50 per transaction. (*3) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).’;”
      • (c) the following paragraph is added:
        • ‘3. Member States shall ensure that credit institutions and financial institutions acting as acquirers only accept payments carried out with anonymous prepaid cards issued in third countries where such cards meet requirements equivalent to those set out in paragraphs 1 and 2. Member States may decide not to accept their territory payments carried out by using anonymous prepaid cards.’;
All Obliged Entities
This paragraph provides for an expansion of the customer due diligence measures with respect to electronic money by lowering the thresholds for identifying users of payment instruments as included in article 12 AMLD4. Obliged Entities may be exempted from certain customer due diligence measures where a number of risk-mitigating conditions are met. Under AMLD5 such conditions include, among other things, the following: – the payment instrument is not reloadable and has a monthly maximum payment transaction limit of EUR 150 (under AMLD4 this threshold was set at EUR 250); and – the maximum stored electronically amount is EUR 150 (under AMLD4 this threshold was set at EUR 250). The abovementioned exemption to apply certain customer due diligence measures is not applicable in the case of redemption in cash or cash withdrawal of the monetary value of the electronic money where the amount redeemed exceeds EUR 50 (under AMLD4 this threshold was set at EUR 100), or in the case of remote payment transactions as defined in the revised Payment Services Directive (PSD2) where the amount paid exceeds EUR 50 per transaction. Furthermore, under this paragraph in AMLD5 a provision has been made for anonymous prepaid cards issued outside the EU in third countries. AMLD5 outlines new requirements for Member States to ensure that credit institutions and financial institutions acting as acquirers only accept payments carried out with anonymous prepaid cards issued in third countries where such cards meet the requirements equivalent to the current EU AML/CFT regulations.
Pursuant to this paragraph Member States may also decide not to accept on their territory payments carried out by using anonymous prepaid cards. This Member State-option has not been ”gold-plated” by the Netherlands. In other words: the Netherlands has chosen not to make use of this option. However, the Netherlands has set the requirement for credit institutions and financial institutions acting as acquirers to only accept payments carried out with anonymous prepaid cards issued in third countries where such cards meet the requirements equivalent to the Dutch AML/CFT regulations.
Adjustment article 12 AMLD4: implemented in article 7 Wwft.

Amendment ref. 08 – Article 01 / Article 13(1)

Article 13(1) is amended as follows:
  • (a) point (a) is replaced by the following: ‘(a) identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source, including, where available, electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council (*4) or any other secure, remote or electronic identification process regulated, recognised, approved or accepted by the relevant national authorities; (*4) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).’;”
  • (b) at the end of point (b), the following sentence is added: ‘Where the beneficial owner identified is the senior managing official as referred to in Article 3(6)(a) (ii), obliged entities shall take the necessary reasonable measures to verify the identity of the natural person who holds the position of senior managing official and shall keep records of the actions taken as well as any difficulties encountered during the verification process.’;
All Obliged Entities
This article provides further and more prescribed guidance on how to ensure accuracy when identifying and verifying the data provided by natural and legal persons when performing customer due diligence. This is done by replacing point (a). In the past year a number of innovative solutions and applications, mainly digital, however, it was not always clear whether or not using such solutions and applications would suffice in view of a customer due diligence. By explicitly referring to Regulation (EU) No 910/2014 of the European Parliament and of the Council the legislator confirms that it recognized solutions and applications that are approved on the basis of the aforementioned Regulation. In addition, it is stated that other secure remote or electronic identification processes, regulated, recognized, approved, or accepted at national level by the national competent authority within the European Union may be taken into account. Point (b) will be completed and further guidance is given by adding a new sentence explaining the identification, verification, and recording requirements in relation to a customer due diligence on an ultimate beneficial owner that also holds a position as a senior manager. It is explicitly prescribed that the Obliged Entity should record any difficulties it encounters during the customer due diligence.
There are many application making the client identification and verification process less cumbersome. It is highly recommended to incorporate the use of such smart applications within your customer due diligence processes. When doing so, please ensure that the application is recognized either by the local competent authority or under Regulation (EU) No 910/2014 of the European Parliament and of the Council. Build in evaluation processes within the relevant internal policies and ensure that the agreements to enter into with the firm offering the application contain sufficient tools for you to manage, monitor and secure the application. Always take into account applicable data protection regulations.
Adjustment of article 13 AMLD4, as implemented in article 3 Wwft. By its nature, the provision does not require (additional/further) implementation in Dutch law.

Amendment ref. 09 – Article 01 / Article 14

Article 14 is amended as follows:

  • (a) in paragraph 1, the following sentence is added: ‘Whenever entering into a new business relationship with a corporate or other legal entity, or a trust or a legal arrangement having a structure or functions similar to trusts (“similar legal arrangement”) which are subject to the registration of beneficial ownership information pursuant to Article 30 or 31, the obliged entities shall collect proof of registration or an excerpt of the register.’;
  • (b) paragraph 5 is replaced by the following: ‘5. Member States shall require that obliged entities apply the customer due diligence measures not only to all new customers but also at appropriate times to existing customers on a risk-sensitive basis, or when the relevant circumstances of a customer change, or when the obliged entity has any legal duty in the course of the relevant calendar year to contact the customer for the purpose of reviewing any relevant information relating to the beneficial owner(s), or if the obliged entity has had this duty under Council Directive 2011/16/EU (*5). (*5) Council Directive 2011/16/EU of 15 February 2011 on administrative cooperation in the field of taxation and repealing Directive 77/799/EEC (OJ L 64, 11.3.2011, p. 1).’;”
All obliged entities.

Point (b) will be completed and further guidance is given by adding a new sentence explaining the identification, verification and recording requirements in relation to a customer due diligence on an ultimate beneficial owner that also holds a position as senior manager. It is explicitly prescribed that the Obliged Entity should record any difficulties it encounters during the customer due diligence.

As an obliged entity, you want to consider and implement systems to make sure you refresh your client due diligence at set times. In this system, you want to implement rules for contacting customers in order to review information relating to the beneficial owner(s). In addition, you want to make sure that you collect objective information about the UBO and not only collect an extract from the UBO register.
Article 14 (1) AMLD4 has been incorporated in article 4 (1) of the Netherlands Anti Money Laundering and Counter Terrorist Financing Act (Wet ter voorkoming van witwassen en financiering van terrorisme). Article 14(5) AMLD4 has been incorporated in article 3(2)(d) of the Netherlands Anti Money Laundering and Counter Terrorist Financing Act (Wet ter voorkoming van witwassen en financiering van terrorisme).

Amendment ref. 10 – Article 01 / Article 18

Article 18 is amended as follows:
  • (a) in paragraph 1, the first subparagraph is replaced by the following:
    • ‘In the cases referred to in Articles 18a to 24, as well as in other cases of higher risk that are identified by Member States or obliged entities, Member States shall require obliged entities to apply enhanced customer due diligence measures to manage and mitigate those risks appropriately.’;
  • (b) paragraph 2 is replaced by the following:
    • ‘2. Member States shall require obliged entities to examine, as far as reasonably possible, the background and purpose of all transactions that fulfil at least one of the following conditions:
      • (i) they are complex transactions;
      • (ii) they are unusually large transactions;
      • (iii) they are conducted in an unusual pattern;
      • (iv) they do not have an apparent economic or lawful purpose. In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious.’;
All Obliged Entities
The wording of Article 18 (1) of AMLD4 has been slightly changed. Article 18 (1) of AMLD4 now also refers to article 18a, which is added by AMLD5. Furthermore, the reference to third countries identified by the Commission as high-risk third countries has now been deleted in article 18 (1) of AMLD4. Article 18a now refers to ‘high-risk third countries’. The wording of Article 18 (2) of AMLD4 has been amended. The situations in which Obliged Entities must investigate the background and purpose of transactions are formulated and distinguished more clearly. Although the wording of this provision is amended by AMLD5, there is no material change.
With regard to the amended wording of article 18 (2) of AMLD4 it is noted that an Obliged Entity must comply with this provision in a risk-based manner. A transaction which is complex or unusually large or a transaction with an unusual pattern or for no apparent economic or lawful purpose must be assessed by the Obliged Entity taking into account the profile of the client which is a result of the customer due diligence. The information collected thereby may lead to the conclusion that a transaction does not occur within the client’s profile, for example because it involves exceptionally high amounts that are unusual for the client’s profile.
Adjustment article 18 (1) AMLD4: implementation through existing regulations (article 8 and 9 Wwft). Adjustment article 18 (2) AMLD4: article 8 (3) Wwft

Amendment ref. 11 – Article 1 / Article 18a

The following Article is inserted:Article 18a 1. With respect to business relationships or transactions involving high-risk third countries identified pursuant to Article 9(2), Member States shall require obliged entities to apply the following enhanced customer due to diligence measures:
    • (a) obtaining additional information on the customer and on the beneficial owner(s);
    • (b) obtaining additional information on the intended nature of the business relationship;
    • (c) obtaining information on the source of funds and source of wealth of the customer and of the beneficial owner(s);
    • (d) obtaining information on the reasons for the intended or performed transactions;
    • (e) obtaining the approval of senior management for establishing or continuing the business relationship;
    • (f) conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.Member States may require obliged entities to ensure, where applicable, that the first payment be carried out through an account in the customer’s name with a credit institution subject to customer due diligence standards that are not less robust than those laid down in this Directive.
2. In addition to the measures provided in paragraph 1 and in compliance with the Union’s international obligations, Member States shall require obliged entities to apply, where applicable, one or more additional mitigating measures to persons and legal entities carrying out transactions involving high-risk third countries identified pursuant to Article 9(2). Those measures shall consist of one or more of the following:
    • (a) the application of additional elements of enhanced due diligence;
    • (b) the introduction of enhanced relevant reporting mechanisms or systematic reporting of financial transactions;
    • (c) the limitation of business relationships or transactions with natural persons or legal entities from the third countries identified as high risk countries pursuant to Article 9(2).
3. In addition to the measures provided in paragraph 1, Member States shall apply, where applicable, one or several of the following measures with regard to high-risk third countries identified pursuant to Article 9(2) in compliance with the Union’s international obligations:
    • (a) refusing the establishment of subsidiaries or branches or representative offices of obliged entities from the country concerned, or otherwise taking into account the fact that the relevant obliged entity is from a country that does not have adequate AML/CFT regimes;
    • (b) prohibiting obliged entities from establishing branches or representative offices in the country concerned, or otherwise taking into account the fact that the relevant branch or representative office would be in a country that does not have adequate AML/CFT regimes;
    • (c) requiring increased supervisory examination or increased external audit requirements for branches and subsidiaries of obliged entities located in the country concerned;
    • (d) requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the country concerned;
    • (e) requiring credit and financial institutions to review and amend, or if necessary terminate, correspondent relationships with respondent institutions in the country concerned.
4. When enacting or applying the measures set out in paragraphs 2 and 3, Member States shall take into account, as appropriate relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing, in relation to the risks posed by individual third countries. 5. Member States shall notify the Commission before enacting or applying the measures set out in paragraphs 2 and 3.’;
Member States and obliged entities (e.g. regulators, financial institutions and payment service providers)
This provision relates to (enhanced) customer due diligence and is a newly introduced article based on which Member States shall require obliged entities to apply certain enhanced customer due diligence measures, such as obtaining additional information on the client and on the beneficial owner(s) and additional information on the intended nature of the business relationship (see paragraph 1). Paragraph 2 provides that Member States shall require obliged entities to apply, where applicable, one or more additional mitigating measures to persons and legal entities carrying out transactions involving high-risk third countries identified pursuant to Article 9(2). Paragraph 3 provides that Member States shall apply, where applicable, one or several of the other listed measures with regard to high-risk third countries identified pursuant to Article 9(2).
Obliged entities should establish clear internal guidelines in relation to their (enhanced) customer due diligence and they should incorporate the provisions included in this article therein accordingly. E.g. which information should be obtained and which actions should be taken in the event that a client might be carrying out transactions involving high-risk third countries.
Please note that this article is referred to as “Article 18bis” in the correlation table. Paragraph 1 will be included in article 9, paragraph 1 Wwft. Paragraph 2 will be included in article 9, paragraph 2 and 4 Wwft. Paragraph 3 will be included in article 9, paragraph 3 and 4 Wwft. Paragraph 4 and 5 do not require an amendment to Dutch legislation.

Amendment ref. 12 – Article 01 / Article 19

in Article 19, the introductory part is replaced by the following:

‘With respect to cross-border correspondent relationships involving the execution of payments with a third-country respondent institution, Member States shall, in addition to the customer due diligence measures laid down in Article 13, require their credit institutions and financial institutions when entering into a business relationship to:’;

Credit institutions and financial institutions

Situation under AMLD4

With regard to client due diligence procedures, Article 19 of AMLD4 requires credit institutions and financial institutions to adhere to additional requirements when pursuing cross-border correspondent relationships with third-country respondent institutions. The most important obligation is to obtain more information on these entities and their AML-compliance and to assess their past AML/CFTchecks.

Amendments pursuant to AMLD5
This article specifies that additional CDD checks on correspondent cross-border relationships with a third-country correspondent institution are required when it involves the execution of payments.

As a credit institution or financial institution, you of course perform client due diligence. You want to make sure that any correspondent relationships you have, also performs similar CDD checks on their clients. This article requires you to perform specific checks and makes clear that this is necessary when you are executing payments with the correspondent institution.
Implementation is pursuant to existing legislation (article 8 (4) of the Netherlands Money Laundering and Terrorist Financing (Prevention) Act).

Amendment ref. 13 – Article 1 / Article 20a

The following Article is inserted:
  • ‘Article 20a
  1. Each Member State shall issue and keep up to date a list indicating the exact functions which, according to national laws, regulations and administrative provisions, qualify as prominent public functions for the purposes of point (9) of Article 3. Member States shall request each international organization accredited on their territories to issue and keep up to date a list of prominent public functions at that international organization for the purposes of point (9) of Article 3. Those lists shall be sent to the Commission and may be made public.
  2. The Commission shall compile and keep up to date the list of the exact functions which qualify as prominent public functions at the level of Union institutions and bodies. That list shall also include any function which may be entrusted to representatives of third countries and of international bodies accredited at Union level.
  3. The Commission shall assemble, based on the lists provided for in paragraphs 1 and 2 of this Article, a single list of all prominent public functions for the purposes of point (9) of Article 3. That single list shall be made public.
  4. Functions included in the list referred to in paragraph 3 of this Article shall be dealt with in accordance with the conditions laid down in Article 41(2).’;
Member states and the European Commission
Pursuant to this provision each member state shall issue and keep up to date a list of prominent public functions according to its national laws and regulations, including nationally registered international organizations. In addition, the European Commission shall compose and keep up to date a list of prominent public functions at the level of the institutions and bodies of the European Union. Based on these lists the European Commission will assemble and publish a list of all prominent public functions in the European Union.
This provision provides the regulations for the European Commission to compose and publish a list of all prominent public functions within the European Union. This list is important to identify politically exposed persons (PEP’s), since a PEP is one who is or has been entrusted with a prominent publication function. The list of the European Commission will consist of functions and will not name any individual persons. PEP’s are considered as higher risk clients and require enhanced customer due diligence screening and measures under the European AML directives and Dutch law and legislation.
Implementation in the Netherlands (expected) in art. 9a (new) Wwft (the Dutch Money Laundering and Terrorist Financing Prevention Act)

Amendment ref. 14 – Article 01 / Article 27

in Article 27, paragraph 2 is replaced by the following: ‘2. Member States shall ensure that obliged entities to which the customer is referred take adequate steps to ensure that the third party provides immediately, upon request, relevant copies of identification and verification data, including, where available, data obtained through electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014, or any other secure, remote or electronic, identification process regulated, recognised, approved or accepted by the relevant national authorities.’;
Member States and obliged entities (e.g. regulators, financial institutions and payment service providers)
This provision relates to the situation in which obliged entities appeal to a third party in relation to the fulfillment of their obligations regarding their customer due diligence as listed in Article 11, paragraph 1 under A, B, and C. Paragraph 2 of Article 27 is amended and provides that Member States shall ensure that obliged entities to which the client is referred take adequate steps to ensure that the third party provides immediately, upon request, all necessary client information. The amended text of this paragraph broadens the scope of the identification and verification data in comparison to its old text.
Article 5, paragraph 5 Wwft and subordinate legislation (Uitvoeringsregeling Wwft).

Amendment ref. 15 – Article 01 / Article 30

Article 30 is amended as follows:

  • (a) paragraph 1 is amended as follows:
    • (i) the first subparagraph is replaced by the following: ‘Member States shall ensure that corporate and other legal entities incorporated within their territory are required to obtain and hold adequate, accurate and current information on their beneficial ownership, including the details of the beneficial interests held. Member States shall ensure that breaches of this Article are subject to effective, proportionate and dissuasive measures or sanctions.’;
    • (ii) the following subparagraph is added: ‘Member States shall require that the beneficial owners of corporate or other legal entities, including through shares, voting rights, ownership interest, bearer shareholdings or control via other means, provide those entities with all the information necessary for the corporate or other legal entity to comply with the requirements in the first subparagraph.’;
Member States, corporate and other legal entities

Situation under AMLD4

Pursuant to article 30 of AMLD4, all corporate and other legal entities must register information on their Ultimate Beneficial Owner(s) (UBO(s)) in a central national register; the so called UBO Register. In the Netherlands, this register is kept by the Netherlands Chamber of Commerce.

A UBO is a natural person who ultimately has economic ownership or controls the legal or corporate entity. It is possible that several natural persons qualify as the UBOs of a single entity. The UBO is always a natural person.With regard to most corporate entities, with some exceptions, AMLD4 defines a threshold as to when a natural person may qualify as the UBO. For example, a natural person may be seen as the UBO when directly or indirectly holding a position more than 25% of the shares, voting rights, or the ownership interest.

Personal information regarding the identity of the UBO(s) should be registered (e.g. full name, address, percentage of control or ownership, passport number) in the so-called UBO Register. Entities must provide accurate, adequate and up to date information on their UBO(s) to the UBO register. Member States shall ensure that the information concerning the UBO will be fully accessible to competent authorities and FIU’s, other obliged entities to fulfil their client due diligence, and any person or organization that can demonstrate a legitimate interest. Ultimately, the national registers will be combined into a European central register.

The aim is to provide transparency on which natural persons have ultimate economic ownership or control over an entity. As a consequence, an entity is able to make a more thorough assessment with whom it is entering into a business relationship. This assessment should provide a better judgment of the risks surrounding a client and in turn to counter the risks of anti-money laundering and financing of terrorism.

Amendments pursuant to AMLD5
AMLD5 came in force by 9 July 2018. By that time the Dutch legislator was still in the process of preparing a legislative proposal to implement art. 30 of AMLD4. Thus, although there were amendments to this article through AMLD5, it is good to note that the provisions in AMLD4 and AMLD5 regarding the UBO register were implemented simultaneously.

The most noticeable amendments stated in AMLD5 are with respect to the accessibility of the UBO-information and the obligation for obliged entities to report discrepancies between the UBO-information available in the central registers and the information on the UBO which is available to them through client due diligence.

Under AMLD5, parts of the information in the register is also made available to the general public. As a consequence, any general member of the public of a Member State may request information as long as they are registered with the responsible authority and pay a small administrative fee.

The information that is invariably available to the public is to what extent the UBO exercises control over an entity. This information varies from 25-50%, 50-75%, or more than 75% of economic ownership or control over the relevant entity.

Personal information, such as full name, date of birth, state of residence, and nationality, are generally available to the public. However, it can be explicitly requested not to disclose this information. More sensitive personal information, such as a citizen service number (BSN), a foreign fiscal address, place of residence, and a transcript of the  UBO-documentation, are not accessible to the general public.

Nonetheless, this information will in any event be available to the competent authorities and FIU’s. In addition, the beneficial owners of corporate or other legal entities must ensure that the UBO-information is adequate, accurate and current according to art 30(4) of AMLD5. In order to acquire this, obliged entities must report any discrepancies between the UBO information as laid down in the central register and the information on their client’s UBO(s) that they might obtain through their own client due diligence.

The aim of this reporting obligation is to ensure that the information in the central register is not solely based on self-reporting. In turn, due to such checks by other obliged entities, this would ensure that the information in the UBO-register is adequate, accurate and current.

With the implementation of AMLD5 an estimated 1.5 million Dutch entities must register information concerning their UBOs in the central register. The implementation of the UBO-register was already frequently debated in the past years. The existing debates were however mainly related to the privacy of the UBO and the obligation of reporting discrepancies by obliged entities. To obliged entities, when performing client due diligence, the UBO is of great importance and should generally be identified and verified. This demonstrates the importance of the information of the UBO being up to date. It is therefore recommended to obliged entities to monitor whether the information on their UBO(s) as laid down in the public register is up to date. Also, to smoothen out their own client due diligence checks the UBO-register may often be found helpful. Obliged entities are expected to perform their own due diligence when it comes to the UBO of their clients. An obliged entity should take reasonable measures to identify the UBO of their clients and verify the UBOs identity. They are not allowed to solely rely on the UBO-register. In case of a discrepancy between the gathered information and the information in the UBO-register, the obliged entity must report this to the Chamber of Commerce. There has been some debate on whether this obligation to report back has the desired effect. It is argued that obliged entities are not always able to cross-check if the UBO-information obtained through their own due diligence is correct. This is mainly due to the fact that there were difficulties to identify and verify the UBO(s) for obliged entities in the first place. In view of some, the main aim of the UBO-register was to counter such difficulties and make client due diligence easier. It should be noted however that with the obligation to report back any discrepancies, the aim in the long-run is to ensure a complete, accurate and up-to-date register. The efforts that an obliged entity must take to identify and verify the identity of its clients and their UBOs shall depend on the potential AML/CFT risks surrounding the client or transaction. But some form of identification and verification of clients and their UBOs is always required. Given the administration requirements of the AML Act, always make sure to document the finding of your client’s due diligence. Please note, not all corporate or other legal entities are obligated to register information on their UBO in the UBO-register. For example, sole proprietorships, legal entities governed by public law, and companies listed on the stock exchange are generally exempted from such registration. This is due to the fact that their information on their UBO is generally publicly available or the entity has existing obligations to disclose their UBO.
Article 30 (3) Implementation pursuant to existing legislation (article 15 (a) of the Commercial Register Act 2007). Article 30 (4) Implementation partly pursuant to existing legislation (art. 32 (3)(4) of the Commercial Register Act 2007 and art. 10 (c) of the Netherlands Money Laundering and Terrorist Financing (Prevention) Act). Article 30 (5), first and second paragraph Implementation pursuant to existing legislation (art. 21 (1)(2) and art. 28(2)(5) of the Commercial Register Act 2007). Art, 30 (5a) Implementation pursuant to existing legislation. Art. 30 (6) Implementation pursuant to existing legislation (art. 28(2)(5) of the Commercial Register Act 2007). Art. 30 (7) Implementation pursuant to existing legislation. Art. 30 (8) Implementation pursuant to existing legislation (art. 10 (c) of the Netherlands Money Laundering and Terrorist Financing (Prevention) Act). Art. 30 (9) Implementation pursuant to existing legislation. Art. 30 (10), first and second paragraph N/A Art. 30 (10), third paragraph Commercial Registers Decree 2008.

How likely are you to recommend Holland FinTech?