During 2019-2020, EU countries will pass laws that introduce the 5th AML Directive (5MLD) into their respective national laws. Now is the time for your organization to invest in improving and optimizing your existing AML solutions to meet the increased challenges and regulator demands before it’s too late.

To that extent, we’ve created a checklist of requirements needed to stay compliant with the 5MLD and recommendations on how to prepare for it.

1. Regulation Implementation

Requirement: 5MLD was ratified by EU authorities in July 2018. EU member states have until September 2020 to transpose into national law.

How to prepare:

• Identify in which EU member states is your firm regulated now, and potential expansion in the next 2
• Monitor publications in EU countries for 5MLD implementation schedule
• Monitor publications for country-level modifications to regulation text (for example, tightened measures in some countries)

2. Remote Payments

Requirement: New requirement to perform KYC checks on remote payments exceeding EUR 50 (initially), and on all remote payments after 36 months.

How to prepare:

• Determine which proportion of your customer base is expected to perform such payments and perform a Gap Analysis between required KYC checks as detailed in the 5MLD text, vs. current KYC checks performed by your firm
• Complete an operational impact assessment to create or revise existing procedures, resources, governance, system requirements according to newly required capabilities
• Plan to test systems and controls to ensure KYC trigger thresholds can be adjusted based on payment value
• Determine if there is a need to implement a new capability to block payments with a high-risk profile
• Identify technology solutions for performing the additional required checks and plan for additional IT infrastructure (e.g. storage) needed for any additional data elements required

3. Extended Due Diligence (EDD)

Requirement: New obligation on all EU states to create national beneficiary owner registers.

How to prepare:

• Monitor official publications in all EU members states whereby the firm is regulated (or will be in the next 2 years), to keep track of the status of provision of national register.
• Design and build systems & processes to access registries to pull as much information as possible for risk analysis
• Identify, acquire and deploy a robust entity resolution platform that will enable collating data from various sources about the same entity

4. National Financial Intelligence Units (FIUs)

Requirement: EU Member State FIUs will be permitted to request information from any regulated entity.

How to prepare:

• Monitor official publications in all EU members states whereby the firm is regulated (or will be in the next 2 years), to keep track of FIU announcements and enforcement actions
• Design and build technology solutions that enable flexible, quick and versatile access to the data found within the organization

5. Virtual Currencies and Custodian Wallets

Requirement: Financial institutions engaged in exchange services between virtual and fiat currencies and custodian wallet providers will be required to conduct ongoing monitoring of relationships and report suspicious activity to government entities.

How to prepare:

• Review your current and expected portfolio of activity, to identify if any action taken by the firm creates a new legal burden under 5MLD
• Review your current customer base, to identify if their business includes newly regulated activities
• Create a plan of action to review the adequacy of the existing Operating Model (People, Processes, Technology), and identify any gaps
• Align compliance plan with 5MLD implementation schedule in each EU member state the firm is regulated in (or will be in the next 2 years)

Author: Yair Samban, VP Compliance & Fraud Services – EMEA

For more questions or assistance in implementing the following suggestions email yair.samban@matrix-ifs.com.