by Jonathan J. Rusch

Introduction

Since 2018, when the then-European Commissioner for Justice Věra Jourová described the Danske Bank money-laundering catastrophe[1] as “the biggest scandal in Europe”[2], the European Commission (EC), as the politically independent executive arm of the European Union (EU)[3], has worked assiduously to repair the substantial defects in Europe’s anti-money laundering and counter-financing of terrorism (AML/CFT) mechanisms.

In 2019, the EC presented to the EU a package of four legislative proposals to strengthen the EU’s AML/CFT rules:

1. a regulation establishing a new EU anti-money laundering authority (AMLA) with powers to impose sanctions and penalties;
2. a regulation on AML requirements for the private sector;
3. a directive on anti-money-laundering mechanisms; and
4. a regulation recasting the regulation on transfers of funds which aims to make transfers of crypto-assets more transparent and fully traceable.

Although the European Council and the European Parliament reached a provisional agreement on the regulation on transfers of funds in 2022[4], the EC has needed until recently to obtain agreement on certain other elements of its AML package, such as the AMLA. This post will summarize and provide some observations on the EC’s December 13, 2023 announcement concerning the AMLA provisional agreement and the agreement itself. A subsequent post will summarize and comment on the provisional agreement concerning AML private-sector requirements, including harmonization of AML rules throughout the EU.[5]

Principal Elements of the AMLA

In broad terms, the Council stated that the proposed AMLA would “have direct and indirect supervisory powers over high-risk obliged entities in the financial sector.”  Its intention is to create “an integrated mechanism with national supervisors to ensure obliged entities comply with AML/CFT-related obligations in the financial sector, and to give AMLA “a supporting role with respect to non-financial sectors, and coordinate financial intelligence units in member states.”[6]

The Council specified that the provisional agreement has five principal elements:

1. Supervisory Powers

The agreement adds powers to AMLA “to directly supervise certain types of credit and financial institutions, including crypto asset service providers, if they are considered high-risk or operate across borders.” AMLA would conduct a selection of credit and financial institutions that represent a high risk in several Member States. The selected obliged entities would be supervised by joint supervisory teams, led by AMLA, that will, among other things, carry out assessments and inspections.  The agreement would further entrust AMLA to supervise up to 40 groups and entities in the first selection process.  For non-selected obliged entities, The Council stated that AML/CFT supervision “would remain primarily at national level.”

For the non-financial sector, AMLA would have a supporting role, carrying out reviews and investigating possible breaches in the application of the AML/CFT framework and having the power to issue non-binding recommendations.  The Council added that national supervisors “will be able to voluntarily set up a college for a non-financial entity operating across borders if deemed needed.”  Finally, the provisional agreement would expand the scope and content of AMLA’s supervisory database, by asking AMLA to establish and keep up-to-date a central database of information relevant for the AML/CFT supervisory system.[7]

2. Financial Sanctions and Internal Policies and Procedures:

The Council specified that AMLA “will monitor that selected obliged entities have internal policies and procedures in place to ensure the implementation of targeted financial sanctions, asset freezes and confiscations.”[8]

3. Governance

The Council specified that AMLA would have a general board composed of representatives of supervisors and Financial Intelligence Units from all member states, and an executive board that would be the governing body of the AMLA, composed of the AMLA chair and five independent full-time members. The Council further stated that it and the Parliament “removed the Commission’s veto right on some of the powers of the executive board, notably its budgetary powers.”[9]

4. Whistleblowing

The Council noted that the provisional agreement “introduces a reinforced whistle-blowing mechanism.” AMLA would be able to deal only with reports coming from the financial sector with regard to obliged entities, but would also be able to attend reports from employees of national authorities.[10]

5. Disagreements

The Council specified that AMLA “will be given the power to settle disagreements with a binding effect in the context of financial sector colleges[11] and, in any other case, upon the request of a financial supervisor.”[12]

Full details regarding the AMLA proposal are available in the EC Explanatory Memorandum for that proposal.[13]

One element of the AMLA’s establishment is still being resolved.  In its announcement of the AMLA proposal, the European Council made clear that it and Parliament are still negotiating the principles of the selection process of the AMLA’s seat location within the EU. Once there is agreement on the seat selection process, the EC noted that the seat selection process will be concluded and the location will be introduced in the regulation.[14]

The next steps for the AMLA involve finalization of the text of the provisional agreement and presentation of that text to EU Member States’ representatives and the European Parliament for approval.  Even after those approvals, the Council and the Parliament must still formally adopt the texts.  In addition, the Council stated that negotiations between it and Parliament on the second and third proposals (i.e., AML requirements for the private sector and the directive on AML mechanisms were still ongoing as of December 13).[15]

Observations

The December 13 announcement indicates substantial progress toward establishing the new AMLA.  Although the AMLA Explanatory Memorandum contains considerable detail about the intended scope of AMLA’s authority, several brief observations regarding the provisional agreement are in order:

1. Supervisory Powers

The AMLA Explanatory Memorandum indicates that in deciding on the scope and extent of AMLA’s authority, the EC rejected the idea of allowing AML supervision to continue to be conducted at the national level or establishing indirect oversight over all obliged entities. It chose to vest AMLA with direct supervisory powers over selected risky obliged entities in the financial sector subject to AML/CFT requirements and indirect oversight over all other entities, but stopped short of empowering AMLA with direct EU-level anti-money laundering supervision of all obliged entities.[16]

The Explanatory Memorandum also provides broad guidance on what is meant by “selected risky obliged entities.”  It states that:

a limited number of the riskiest obliged entities should be directly supervised by the Authority. As ML/TF risks are not proportional to the size of the supervised entities, other criteria should be applied to identify the most risky entities. In particular, two categories should be considered: high-risk cross-border credit and financial institutions with activity in a significant number of Member States, selected periodically; and, in exceptional cases, any entity whose material breaches of applicable requirements are not sufficiently or in a timely manner addressed by its national supervisor. Those entities would fall under the category of ‘selected obliged entities’.[17]

The Explanatory Memorandum does not further explain how limited the “limited number” should be.  The financial sector should therefore expect that AMLA will develop and publish its own criteria for making those determinations, presumably with reference to the preceding guidance in the Memorandum.

2. Financial Sanctions and Internal Policies and Procedures

Article 8(2) of the proposed Regulation specifies that in developing and maintaining “an up-to-date and harmonised AML supervisory methodology detailing the risk-based approach to supervision of obliged entities in the Union”, that methodology must include at least the following elements:

1. 1. “benchmarks and methodology for classification of obliged entities into risk categories on the basis of their residual risk profile, separately for each category of obliged entities”;
   2. “approaches to supervisory review of money laundering risk self-assessments of obliged entities”;
   3. “approaches to supervisory review of obliged entities’ internal policies and procedures of obliged entities, including customer due diligence policies”; and
   4. “approaches to supervisory evaluation of risk factors inherent in, or related to, customers, business relationships, transactions and delivery channels of obliged entities, as well as geographical risk factors.”[18]

3. Governance

The Executive Memorandum further describes AMLA’s organization and governance. It states that the General Board “will, in appropriate composition depending on the subject-matter, adopt all regulatory instruments, draft Regulatory and Technical Implementing Standards, Guidelines and Recommendations”, while the Executive Board “will be the governing body of the Authority.”  In particular, the Executive Board “will take all decisions towards individual obliged entities or individual supervisory authorities where the Authority is acting as a direct supervisor of selected obliged entities or as an indirect supervisor of non-selected obliged entities or non-financial obliged entities, having specific oversight powers towards their supervisory authorities.”

In addition, AMLA will have a Chair and an Executive Director, as well as an Administrative Board of Review “to deal with appeals against binding decisions of the Authority addressed to obliged entities under its direct supervision.”  Decisions of the Administrative Board of Review will be appealable to the Court of Justice of the European Union (CJEU).[19]  The CJEU, in turn, “shall have unlimited jurisdiction to review decisions of the Authority imposing an administrative pecuniary sanction or a periodic penalty payment”, and “may annul, reduce or increase the fine or periodic penalty payment imposed.”[20]

The Explanatory Memorandum, when it was issued in 2021, confidently predicted that AMLA “should be fully operation[al] by the beginning of 2024”, giving AMLA sufficient time to establish its headquarters in whatever Member State is selected for its seat.[21]  While more time will be needed for final approvals of the AMLA provisional agreement, there is no reason to expect any significant delays in obtaining those final approvals.

Footnotes

[1]   See, e.g., U.S. Department of Justice, Danske Bank Pleads Guilty to Fraud on U.S. Banks in Multi-Billion Dollar Scheme to Access the U.S. Financial System, December 13, 2022, https://www.justice.gov/opa/pr/danske-bank-pleads-guilty-fraud-us-banks-multi-billion-dollar-scheme-access-us-financial; Andrea Minto and Niels Skovmand Rasmussen, Approaching the Danske Bank Scandal in a “Tragedy of the Commons” Perspective: Implications for Anti-Money Laundering Institutional Design and Regulatory Reforms in Europe, 2 European Company and Financial Law Review 305 (2022), available at https://www.degruyter.com/document/doi/10.1515/ecfr-2022-0010/html?lang=en.

[2]   See Rupert Neate and Jennifer Rankin, Danske Bank money laundering ‘is biggest scandal in Europe’, The Guardian, September 20, 2018, https://www.theguardian.com/business/2018/sep/20/danske-bank-money-laundering-is-biggest-scandal-in-europe-european-commission.

[3]   European Union, European Commission, https://european-union.europa.eu/institutions-law-budget/institutions-and-bodies/search-all-eu-institutions-and-bodies/european-commission_en#:~:text=The%20European%20Commission%20is%20the,the%20Council%20of%20the%20EU.

[4]   Council of the European Union, Anti-money laundering: Council and Parliament agree to create new authority, December 13, 2023, https://www.consilium.europa.eu/en/press/press-releases/2023/12/13/anti-money-laundering-council-and-parliament-agree-to-create-new-authority/.

[5]   See Council of the European Union, Anti-money laundering: Council and Parliament strike deal on stricter rules, January 18, 2024, https://www.consilium.europa.eu/en/press/press-releases/2024/01/18/anti-money-laundering-council-and-parliament-strike-deal-on-stricter-rules/.

[6]   Council of the European Union, supra note 4.

[7]   Id.

[8]   Id.

[9]   Id.

[10]   Id.

[11]   Within the EU, financial sector supervisory colleges “are designed to promote enhanced cooperation between authorities responsible for the supervision of banking group entities located in different jurisdictions.”  L’Autorité de Contrôle Prudentiel et de Résolution, Supervisory colleges, https://acpr.banque-france.fr/en/europe-international/cooperation-and-cross-cutting-aspects/supervisory-colleges. Such colleges include AML/CFT colleges.  See PwC, European Banking Authority observations on AML/CFT colleges, https://www.pwc.pl/en/articles/european-banking-authority-observations-on-aml-cft-colleges.html.

[12]   Council of the European Union, supra note 4.

[13]   See European Commission, Proposal for a Regulation of the European Parliament and of the Council establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) 1094/2010, (EU) 1095/2010 (July 20, 2021), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0421.

[14]   See Council of the European Union, supra note 4.

[15]   See id.

[16]   See European Commission, supra note 13.

[17]   Id. Preamble ¶15 (emphasis supplied).

[18]   Id. Article 8(2).

[19]   Id. Other Elements.

[20]   Id. Article 26.

[21]  Id. Preamble ¶64.

Jonathan J. Rusch is Director of the U.S. and International Anti-Corruption Law Program and Adjunct Professor at American University Washington College of Law; Adjunct Professor at Georgetown University Law Center; a Senior Fellow at New York University School of Law’s Program on Corporate Compliance and Enforcement; and Principal of DTG Risk & Compliance LLC. He is a former Deputy Chief in the U.S. Department of Justice’s Fraud Section, and former Senior Vice President and Head of Anti-Bribery & Corruption Governance at Wells Fargo.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).