The five main impacts of 5AMLD regulation for financial institutions

27 June 2017

Matt Taylor, a Managing Director in the Risk and Compliance wing of Protiviti, reflects on the impact of the Fifth EU AML Directive (5AMLD) and provides tips how organisations can best prepare for the new regulation.

Following the approval of the Fourth European Union (EU) Anti-Money Laundering (AML) Directive (4AMLD) in 2015, the “obliged entities” in scope have been subject to an ever-changing regulatory landscape as further amendments to 4AMLD were proposed in 2016.

Because of the release of the Panama Papers, a range of terror attacks in Europe and the EU Parliament’s desire to align with the  Financial Action Task Force (FATF) AML recommendations, the approval for amendments to 4AMLD are still underway. Additional parliamentary meetings and various counterproposals have contributed to further discussion and revision of the 4AMLD amendments, in an effort to adapt to new and emerging threats facing the existing AML framework. The proposed amendments to 4AMLD are now being addressed in what is referred to as the 5AMLD (or “Compromise Text”) and remain under review. 

As it stands, the agreed-on 4AMLD text and the transposition date of June 26, 2017, will remain, but financial institutions should anticipate further regulatory change to come from the adoption of the 5AMLD. The directive will enter into force three days following its publication in the Official Journal of the European Union and must be transposed within six months of the same publication. It is anticipated that the EU Parliament’s adoption of the amendments will occur in June 2017. 

The 5AMLD proposes 5 main requirements that impact financial institutions

The 5AMLD proposes five main requirements that impact financial institutions:

1) Extending the Directive Scope to include Virtual Currencies

The 4AMLD has defined “obliged entities” as financial institutions, accountants, tax advisors, lawyers, trust providers and estate/letting agents with whom the trustees form a business relationship. 

The 5AMLD has further broadened the scope of obliged entities to include virtual currencies, anonymous prepaid cards and other, digital currencies such as bitcoin exchanges and wallet services to the list of activities carrying the risk of money laundering and terrorist financing (ML/TF). The 5AMLD better defines “virtual currencies” under EU law, and includes the requirement to adopt this legal definition in AML legislation across all member states.

Under the proposed 5AMLD, providers engaged in exchange services between virtual and fiat currencies and custodian wallet providers will be required to conduct ongoing monitoring of relationships and report suspicious activity to government entities. While regulators may not be focused on such currencies at present, increased scrutiny is expected on these operations and the structures of such firms. Discussions have begun on developing a central database for registering users’ identities and wallet addresses, in addition to potential self-declaration forms for virtual currency users. This suggests that future implications and obligations may become even more far-reaching, as transparency and anonymity become a focus for these payment technologies. 

How to Prepare
Virtual currency exchanges and wallet providers will need to become accustomed to the new regulatory framework set out in the directive to identify and mitigate ML/TF risks posed by virtual currency payment products and services. Providers of exchange services in virtual and fiat currencies must develop and implement policies and effective mechanisms to combat ML/TF risks in preparation for compliance with 5AMLD requirements. 

Separately, the 4AMLD requires currency exchange and cheque cashing offices, and trust or company service providers to be licenced or registered, and providers of gambling services to be regulated. The 5AMLD underscores the same requirements, and goes further to require EU Member States to ensure providers of exchange services between virtual currencies, fiat currencies and custodian wallet providers are registered. 

2) Addressing the Issue of Anonymity in Relation to Prepaid Cards

The proposed updates in 5AMLD related to use of prepaid cards aim to address the issue of anonymity associated with such payment mechanisms. EU member states will be required to identify the customer in the case of remote payment transactions where the amount paid exceeds €50. After 36 months from 5AMLD being entered into force, identification shall be applied to all remote payment transactions. 

In the event that a risk assessment classifies a customer as low risk, member states may allow obliged entities to be exempt from certain customer due diligence measures with respect to electronic money where a number of risk-mitigating conditions are met. Such conditions include, but are not limited to:

  • Maximum stored electronically amount is €150 (in the 4AMLD this threshold was set at €250)
  • Payment instrument is not reloadable and has a monthly maximum payment transaction limit of €150 (for use only in that member state)
  • Sole use of the payment instrument is for the purchase goods or services
  • Must not be funded with anonymous electronic money.

The 5AMLD outlines new requirements to restrict the use of prepaid cards issued by third countries

In addition, a provision has been made for anonymous prepaid cards issued outside the EU in third countries. The 5AMLD outlines new requirements for member states to restrict the use of prepaid cards issued by third countries only to those third countries deemed to be sufficiently compliant with requirements set out in current EU AML legislation.

How to Prepare
Obliged entities will be required to perform checks on prepaid card transactions in accordance with the revised thresholds, and they will need to be able to first identity, and then refuse, payments made with anonymous prepaid cards from countries deemed to have insufficient AML standards. Systems and controls should be tested to ensure that thresholds can be adjusted to meet the requirements of the 4AMLD and the 5AMLD as required. An operational impact assessment should be completed to create or revise existing procedures, resources, governance, system requirements, etc., to meet these proposed obligations. 

3) Beneficial Ownership Registers

A key change adopted through the 4AMLD was the requirement for beneficial ownership registers, whereby member states will be required to obtain and hold adequate, accurate and current information on corporate and other legal entities, including trusts and similar legal arrangements, incorporated or administered within their respective member state.

The 5AMLD further clarifies requirements and timing for the implementation of such registers. Member states must be compliant with register requirements within 18 months of the 5AMLD implementation date. Registers must be interconnected to the European central platform within 18 months of its implementation in accordance with the technical specifications and procedures set out in Article 4C of Directive 2009/101/EC.

Public access will be granted for those individuals or organisations that demonstrate a legitimate interest in the beneficial ownership information. EU member states may choose to broaden access in their national laws (e.g. public access for transparency); however, access to register information must be granted within 18 months of implementation.

How to Prepare
Obliged entities should assess the information available in know your customer (KYC) records and begin the information-gathering processes to mitigate any gaps in the beneficial ownership data.

Where there may be gaps or new requirements to obtain beneficial ownership information, KYC periodic reviews should be used as an opportunity to obtain or confirm existing beneficial ownership information so the necessary information is available when it must be transferred into relevant beneficial ownership registers.

A formalised process to obtain, record and update the beneficial ownership information required for the register should be developed. Technical requirements, including access controls and operational challenges should also be considered and tested in preparation for compliance with 5AMLD requirements.

The 5AMLD has as goal to ensure a more integral approach to tackling financial crime

4) Enhancing cooperation and information sharing among EU financial intelligence units (FIUs)

In order to enhance and simplify access to information on the identity of holders of bank and payment accounts, the 5AMLD requires member states to put centralised automated mechanisms in place at the national level to identify payment accounts and bank accounts held by a credit institution, thereby developing a central source to identify all bank accounts for an individual person. Note that the 5AMLD leaves it up to each member state to ascertain and develop a central registry or data retrieval systems to comply. The proposed 5AMLD defines certain information that must be searchable and accessible in a timely manner through such registries, which includes, but is not limited to, the following:

  • Account holder: name and unique identification number, or other identification data deemed acceptable under national provisions per Article 13
  • Beneficial owner: name and unique identification number, or other identification data deemed acceptable under national provisions per Article 13
  • Bank or payment account: IBAN number and account open and close dates, as applicable. 

Under the 5AMLD, member states may consider requiring other information deemed essential for FIUs and competent authorities to fulfil their obligations under this directive to be accessible and searchable through the centralised mechanisms. Currently, limitations exist in certain member states, requiring the submission of a suspicious transaction report or identification of a predicate offence to be made prior to any request for information. The 5AMLD further enhances the powers of the EU FIUs, as they will be permitted to request information from any obliged entity. The proposed amendments in 5AMLD aim to extend the scope for FIUs to make information more easily accessible and align the approach for FIUs with international standards and best practices.

How to Prepare
As member state FIUs will be permitted to request information from any obliged entity, financial institutions should ensure that effective mechanisms are in place to coordinate information internally and enables timely responses to requests from FIUs. In the handling of these information requests, resources may need to be trained on the applicable data privacy laws, utilisation of beneficial ownership and bank account data in the central registers and new processes to provide information to FIUs. 

5) Developing a Consistent EU Approach Toward High-Risk Third Countries

The 5AMLD will require member states to apply a specific list of enhanced due diligence (EDD) measures for transactions involving entities on a list of high-risk third countries defined by the European Commission. This proposal outlines the minimum EDD measures obliged entities must apply, which will provide for a formalised approach and alignment of such EDD measures with the list of actions drawn up by the FATF. This will ultimately lessen differences in regulatory requirements between member states, minimising cases where a select number of EU countries commercially benefit relative to others adopting more stringent EDD requirements. Critically, this aims to reduce the ability of terrorists to exploit weaknesses in these measures. 

How to Prepare
Obliged entities should review and prepare to adopt the EU list of money laundering high-risk third countries into existing KYC processes. Risk rating methodologies may require updating and may necessitate assessment and modification of KYC systems and procedures, to fully address the EDD requirements set out in the 5AMLD for all transactions involving high-risk third countries.

Next Steps

The amendments proposed in the 5AMLD are set out with an overarching goal towards a consistent and harmonised approach across EU member states in mitigating ML and TF within the financial system. Simultaneously, the proposed amendments will further align the EU’s AML and CTF laws to the FATF AML recommendations, emphasising a move towards a more global approach to tackling financial crime. 

It is evident from the ongoing revisions and various iterations of the amendments that the 5AMLD has proved to be more controversial than the 4AMLD, particularly with prepaid cards and virtual currencies being more tightly regulated and uncertainty regarding the implementation of centralised registers. 

The 5AMLD is under review for any further counterproposal or approval between the EU Parliament and the European Council.  Discussions were scheduled for January 25, 2017, but have since been postponed to June 2017. Given the impending transposition date of June 26, 2017, for 4AMLD requirements to be adopted into national law, obliged entities should be poised to implement the requirements proposed in the 5AMLD, as the window between approval, publication into the Official Journal of the European Union, and transposition of 5AMLD, is a rather ambitious and short six months.


The business and operating models of digital-only banks

04 April 2019

In recent years, several digital-only banks have successfully managed to nestle themselves in the banking landscape, with their popularity continuing to increase. Looking at it from the customer’s point-of-view, there is little difference between these FinTech unicorns; looking at the bigger picture, however, reveals significant variation in their business models. Matyas Fekete, a consultant at KAE, explores some of the main similarities and differences in digi-bank business and operating models. 

What about the profit?

Unlike in the UK, in most of continental Europe, bank accounts and corresponding banking services are historically paid-for services. The fact that digital banks offer most of their services free of charge has undoubtedly helped them build a large customer base. On the other hand, despite comparatively low set-up and minimised operational costs compared to that of traditional banks, and given the lack of revenue stemming from the typically no-fee model, profitability has proved difficult to achieve. Monzo, for instance, recorded a net loss of £30+ per customer in its most recent financial year. 

In the start-up world, it is customary to focus on expansion rather than profit – see the case of Uber, for instance. Still, while profitability might not be their number one priority in their early stages of development, it must be a long-term goal of any business. With their ever-growing customer base, digital banks are increasingly under pressure to turn their business from loss- to profit-making. 

Credit where credit is due

Digital banks pride themselves on their fair (often meaning “free”) proposition and have so far stayed clear of offering loans (including credit cards & overdrafts), traditionally amongst the most lucrative products for traditional providers. Though somewhat reluctantly, newcomers are also realising that offering lending products is one of the most straightforward ways to offset losses made on their free, often high-cost services (e.g. overseas ATM withdrawals). Monzo, N26 and Starling have recently started offering credit products to their customers, with their loan offering expected to be extended to a wide range of services, from mortgages to overdrafts. Correspondingly, creating a lending portfolio can also pave the way for launching an interest-paying savings offering – a proposition seen as a basic banking product that is yet to feature in most digital banks’ portfolios. 

The business and operating models of digital-only banks

The premium customer

While most digital banks offer most of their products for free, some have extended their offering by paid-for premium services in order to create a revenue stream. As these premium features – including different types of insurance, unlimited free transfers/withdrawals, faster payment settlement or concierge services – are often offered in a subscription format, customers are typically prompted to pay for the full package rather than just the desired service(s), providing a significant revenue stream for the bank. Revolut, for instance, was amongst the first digital banks in Europe to break even earlier this year, a feat largely due to revenue from its premium subscription.

SMEs like digital too

Traditional banks typically service small and medium sized businesses under their retail rather than corporate banking arm. Having their product offering tested with consumers, and consequently gaining a reasonable customer base, digital banks have also identified SMEs as an ideal segment to extend their target audience to. The five FinTechs profiled have already gone, or plan to go, down this path by following up their consumer solution with a business account. While both propositions are typically built on similar features, some providers charge businesses a monthly subscription (e.g. Revolut), while others apply additional fees to specific services (e.g. TransferWise), banking on the expectation that businesses are more likely to be willing to pay for banking – something they are already used to doing. 

The marketplace model

While most digital banks offer a wide range of banking services, some of these tend to come from partnering with third-party providers. For instance, Starling Bank’s only proprietary product is its current account, which serves as a basis for the provision of ancillary services, ranging from loans to insurance, to investment opportunities. Instead of developing these services in-house, Starling enables a select group of partnering financial service providers access to its platform in exchange for a fee. In effect, Starling is using its customer base to create a market for its partners, charging a commission for each acquired customer. 

In such cases of digital banks applying this marketplace model, the majority of their income often comes from partners rather than customers. Naturally, only banks with a large enough customer base can be successful in this set-up, underlining the current intensity of competition amongst digital banks.

Banking as a Service

While customer-centricity is heralded amongst the main USPs of digital banks, some are looking beyond offering consumer-facing services to diversify their revenue streams. Starling, which is among the few digital banks built on its own proprietary platform, has recently leapt into the Banking as a Service (BaaS) industry, making its technology available to other start-ups looking to launch a digital bank. Naturally, this raises the question whether the two offerings could threaten each other’s success. Generally, as long as such partners operate in different markets, the two business lines should be able to thrive alongside each other. Further along the line, however, such partners could easily end up expanding their banking solution into the same market(s) as they aim for global success, and by doing so, becoming direct competitors. 

Different approach, same result?

It is fair to say that consumers in Europe looking to bank with a digital-only provider would have a difficult time finding relative advantages/disadvantages amongst the leading players in the industry. Still, despite the limited surface-level variety, exploring the business models of leading digital banks reveals different approaches to the challenge of making money. Alongside the more straightforward method of offering paid-for premium features/subscriptions, some are banking on the value that access to their customer base offers to third-parties, while others outsource their technology to neobanks wanting to focus on the Fin rather than the Tech. With competition amongst digital banks heating up, it will be interesting to see which business model(s) prove to be the winning formula in the long term.