Milda Valevice, Legal Counsel, Citco Global Subsidiary Governance Services (GSGS) gives compliance advice following the step change we are currently seeing in the scope of anti-money laundering regulation around the world.

In April 2018, the European Parliament adopted the European Commission’s 5th Anti–Money Laundering (AML) Directive, which brings crypto assets, online payments and company ownership under scrutiny. The European Union’s 4th AML Directive emphasised transparency in the ultimate beneficial ownership of legal entities and enhanced customer due diligence. The 5th AML Directive has given EU institutions more authority to audit and control how businesses adhere to beneficial owners’ disclosure requirements. The Directive also introduces standards for those dealing with electronic payments and cryptocurrencies, a notable development in light of the enormous growth of the global blockchain market. Clearly, regulators are not content to tolerate the perceived opacity of this burgeoning industry. The initial European AML Directive was limited to regulation and supervision of the traditional financial sector, but the scope has been expanded ever since: real estate professionals, accountants, company service providers, virtual currency exchange platforms and custodian wallet providers are all now required to identify their clients and report suspicious transactions to authorities. The implication for the rest of the business world is that every time you engage one of the in-scope entities, you will be asked for various documents to properly establish your identity. Such documentation could include the identity of directors, shareholders and owners, the company’s structure and purpose, or the source and destination of the funds in question.

Regulators get tough

Not only has the scope of the regulation increased, but regulators have been encouraged to crack down much more aggressively. The potential fines faced by companies are now considerable. In 2017, Rolls Royce forfeited just over half a billion pounds for offences relating to corruption in Indonesia and Mainland China and five other countries. Regulators have initiated random check protocols and have increased the rate at which companies are investigated to levels not seen before. Last year, the UK’s Financial Conduct Authority reported that it had performed 75% more checks than in the previous year. Illustrating a step change in the scope of AML regulation, investigations against individuals have also increased, targeting individuals like CEOs, compliance officers and other responsible personnel. No longer are AML discrepancies merely an abstract corporate failure for which blame and consequence manifest themselves only through monetary fines and sanctions. Now, the individual can and will face consequences for irregularities in their AML adherence.

How to ensure compliance

The legal framework is complex. To collect and issue all required information to banks, legal professionals, company service providers, or real estate agents requires expert resources as well as a significant amount of time. The format of AML forms, and the content of requests, varies from very standardised to extremely customised and detailed. You are also required to provide this information prior to entering into a business relationship. The key steps to ensure compliance are the preparation and maintenance of beneficial owners’ registers and ensuring that you make the correct initial filings with relevant local authorities on time and whenever there are any changes to the status of beneficial owners. There is another consideration too. The EU’s General Data Protection Regulation (GDPR) has created additional complexity when it comes to ensuring AML compliance, due to the competing, and in some senses contradictory, aims of the two pieces of legislation. As AML rules seek to increase the amount of data tracked about companies and individuals, GDPR seeks to limit it. As companies respond to the new AML rules, they will need to work hand in hand with legal advisers and other expert parties to ensure they are walking the right balance between AML and GDPR, particularly when it comes to documenting the legal basis for the collecting and storing of personal information.

A global trend

In this context, AML compliance should be high on the corporate agenda in 2019. All entities domiciled in the EU must comply with the 5th Directive by the end of 2019. Companies with subsidiaries in the EU need to ensure that their documentation is in order. Moreover, other jurisdictions outside the EU have been adopting similar AML requirements. Here in Hong Kong, the Companies (Amendment) Ordinance 2018 (the Amendment Ordinance), which came into operation on 1 March 2018, introduced new requirements for companies incorporated in Hong Kong to enhance the transparency of corporate beneficial ownership. Companies incorporated in Hong Kong are now required to obtain and maintain up-to-date beneficial ownership information, by way of keeping a significant controllers register for inspection by law enforcement officers upon demand. Milda Valevice Legal Counsel, Citco Global Subsidiary Governance Services (GSGS) For more information, please contact: gsgs@citco.com.