Attention needed EU proposes to significantly overhaul MLD5

On 20 July 2021, the EU Commission published a package of legislative proposals which significantly overhauls the existing EU anti-money laundering (AML) and countering terrorism financing (CTF) framework. The package contains four legislative proposals with detailed and wide-reaching amendments. Please refer to our briefing for further details. We summarise the key aspects under each below.

(a) A new Regulation to establish a new authority for EU AML/CFT: The new Regulation proposes establishing a new authority for AML/CFT Authority (AMLA).

(b) A new Regulation establishing a single rulebook for EU AML/CFTI: The new Regulation transfers provisions from the existing MLD4 and MLD5 and introduces a number of substantive changes including:

• expanding "obliged entities" to include all crypto-asset service providers, crowdfunding service providers falling outside the scope of the EU Crowd Funding Regulation ((EU) 2020/1503), and other businesses which we do not list here;
  introducing a new grey list of third countries which are not on the EU AML high risk list, but are on the FATF list of monitored jurisdictions;
• prescribing data which must be obtained as part of standard due diligence as well as data on beneficial owners
• requiring all obliged entities to appoint a board director (or equivalent) to be responsible for the implementation of measures to ensure compliance with the EU AML regulatory framework;
• requiring all obliged entities to appoint one compliance manager to be responsible for the day-to-day implementation of the obliged entity's AML/CFT controls; and
• banning anonymous crypto-asset wallets.

The full AML/CTF rulebook, including technical standards, is expected to be in place and apply by the end of 2025.

(c) A new Directive on AML/CFT repealing and replacing MLD4 (as amended by MLD5): The key proposals in the proposed Directive are:

• host member states can require electronic money issuers, payment service providers, and crypto-assets service providers that are operating in their territory, to appoint a central contact point in the host member state's territory; and
• the requirement for cryptoasset service providers to register with a local regulator (under MLD5) has been removed. We assume this is in anticipation of the introduction of MiCA, which proposes registration / licensing requirements, and therefore makes the registration requirements under MLD5 redundant

(d) A revised 2015 Regulation on Transfers of Funds (2015/847/EU) to trace transfers of cryptoassets: The Regulation is being extended to cover transfers of cryptoassets. Therefore, full information about the sender and beneficiary of transfers will have to be included by cryptoasset service providers in the same way payment service providers currently do for wire transfers.

Linked, on 29 July 2021, the European Banking Authority (EBA) also launched a consultation on new guidelines on the role, tasks and responsibilities of AML/CFT compliance officers. The guidelines include provisions on the wider AML/CFT governance set-up.