The anti-money laundering and counter terrorist financing ("AML-CTF") package is composed of four legislative texts aiming at harmonising and strengthening AML-CTF rules in the European Union. The AML-CTF Package will entail the need for obliged entities to review and adapt their current policies and procedures, internal processes and controls.
To help you better prepare for the upcoming changes entailed by the AML-CTF Package, we are thrilled to invite you on a journey of discovery! Join us as we explore the most significant changes introduced by the AML-CTF Package through a series of engaging and insightful videos.
Our regulatory team is expertly positioned to guide you in understanding and properly implementing the upcoming changes. Feel free to reach out in case of any questions.
1. Introduction
We will be presenting the new AML-CTF package, which was adopted earlier this year, in a series of videos. The current AML-CTF obligations and requirements are mainly set out under an EU directive. As you know, EU directives require national implementation. This has led to fragmented approaches across Member States. At the same time, money laundering and terrorist financing techniques have evolved to become more sophisticated and difficult to fight. Hence the need for a harmonised and reinforced framework.
The EU AML-CTF package consists of 4 different texts:
- a directive which addresses the organisation of the AML/CTF framework at national level;
- a regulation establishing a new EU anti-money laundering authority;
- a regulation on anti-money-laundering requirements for the private sector which sets out the core requirements and obligations; and
- a regulation recasting the regulation on transfers of funds.
What is the timeline for the next steps?
The main date for implementation and application of both the AMLD and the AMLR is set at July 2027, whilst the new AML authority will already start its operations in 2025. Stay tuned for more videos to come, during which we will dive into the details of this package, concentrating on the regulation.
2. Extended scope of obliged entities
We focus on the scope of the AML Regulation which will slightly differ from what is currently applicable. Indeed, to address emerging risks of money laundering or terrorist financing in the internal market, the AML Regulation expands the list of obliged entities which will be subject to anti-money laundering and counter-terrorist financing requirements.
New players subject to the AML Regulation include cryptoassets service providers, as defined under MiCAR, as well as crowdfunding service providers and intermediaries. Professional football clubs and agents for certain transactions as well as providers of gambling services will also become obliged entities. However, for those entities, an option is given to Member States to decide not to apply all or some requirements of the AML Regulation, under specific conditions.
The AML Regulation will also include persons trading in high-value goods as a regular or principal professional activity. A list of high-value goods is set out under the Regulation and includes, for instance, jewellery or clocks of a value exceeding 10,000 euros or motor vehicles of a price exceeding 250,000 euros.
Lastly, the AML Regulation also introduces a new requirement for occasional transactions in cash equal to or above 3,000 euros. In this respect, when carrying out such transactions, obliged entities will need to at least identify and verify the identity of the customer. What is the impact of those changes to the scope of the AML Regulation? Well, you must first determine whether your entity could become an obliged entity under the AML Regulation. If so, you will need to get ready to implement the requirements which apply to you. As for entities already subject to AML-CTF requirements, internal policies and procedures will need to be reviewed to ensure, for instance, that relevant due diligence measures are applied for cash payments equal to or above 3,000 euros.
3. Who is the customer?
As from the entry into force of the AML Regulation, all customer due diligence measures will be set out in this single piece of regulation under a dedicated chapter.
As is already the case, customer due diligence measures require obliged entities to gather information on customers such as, for natural persons, name, surname, place and date of birth, nationality and usual place of residence and, for legal persons, legal form and name, address of registered office, names of legal representatives, etc.
An important question emerges: who exactly should be considered a "customer" of an obliged entity?
Interestingly, the AML Regulation does not provide a specific definition of "customer". Therefore, at least the individual or entity with whom a business relationship exists—or for whom an occasional transaction is conducted—should be considered as the customer.
Despite the absence of a definition of customer, the AML Regulation will introduce useful guidance as to who should be considered as customers in specific situations.
Here are some examples:
- For persons trading in precious metals, stones, high-value goods, or cultural items—including when this is carried out by art galleries and auction houses where the transaction value reaches or exceeds 10,000 EUR—the customer will include both the direct customer and the supplier of goods.
- For legal professionals (such as notaries and lawyers) to the extent that they are the only notary or lawyer intermediating that transaction: both parties to the transaction will be considered customers.
- For real estate agents: both parties to the transaction will be considered customers.
- For payment initiation services carried out by payment initiation service providers: the merchant will be the identified customer.
- For crowdfunding service providers/intermediaries: the customer will include both the individual or entity seeking funding and those providing it through the platform.
In conclusion, the new AML-CTF package will bring clarity as to who should be identified as customer in those specific situations, thus strengthening AML frameworks and ensuring compliance across diverse industries.
Obliged entities will therefore need to review their internal processes, policies and procedures to make sure that these changes are reflected before the entry into application of the AML Regulation in July 2027.
4. Triggering of customer due diligence measures
As is currently the case, customer due diligence measures must be applied by obliged entities in, notably, the following circumstances:
- when establishing a business relationship.
- when carrying out an occasional transaction. The previous threshold triggering the application of CDD measures has been lowered to EUR 10,000 (against EUR 15,000 currently) thus encompassing a larger scope of transactions for obliged entities.
- for transactions in cash of at least EUR 3,000, limited CDD measures must in principle also be applied.
- credit institutions and financial institutions (apart from CASPs) are required to apply CDD measures when initiating or executing an occasional transaction constituting a transfer of funds of at least EUR 1,000. Specific requirements apply for CASPs.
- in addition to the above, the AML Regulation broadens the scope of situations in which CDD measures must be applied:
  - when participating in the creation of legal entities, the setting up of a legal arrangement or, for auditors or legal professionals, in the transfer of ownership of a legal entity, irrespective of the value of the transaction;
  - when there is a suspicion of ML-TF, regardless of any derogation, exemption or threshold;
  - where there are doubts about the veracity or adequacy of previously obtained customer identification data;
  - where there are doubts as to whether the person they interact with is the customer or a person authorised to act on behalf of the customer.
The AML Regulation also includes certain exemptions. For example, supervisors will have the possibility to exempt obliged entities from applying CDD measures with respect to electronic money if the product is considered low risk, provided that certain conditions are met.
5. Broadening the scope of CDD measures
We will be diving into the scope of customer due diligence (or CDD) measures under the new AML Regulation which, as you will see, is set to become broader than the current regime.
Indeed, while the AML Regulation will retain existing CDD measures, such as the obligation to identify and verify the identity of the customer, it will also go one step further by introducing new enhanced obligations for obliged entities.
So, what are these new CDD measures introduced by the AML Regulation?
To begin with, the AML Regulation will require more detailed information on the purpose and intended nature of a business relationship or occasional transaction.
In that respect, obliged entities will be required to obtain information regarding the purpose and economic rationale of the contemplated transaction, the estimated value of planned activities, the source and destination of funds, and even the customer's business activity or occupation.
Another new key addition is the requirement for obliged entities to assess and obtain detailed information about the nature of their customer's business, including their professional activities, employment, or occupation.
I also wanted to focus on a major change brought by the AML Regulation regarding sanctions screening, as the monitoring of targeted financial sanctions will now be integrated into the scope of CDD measures.
In other words, obliged entities will be required to verify whether their customers and their beneficial owners are subject to targeted financial sanctions as part of their professional obligations.
In that respect, the AML Regulation clarifies that when dealing with a customer that is a legal person, obliged entities will need to screen any natural or legal person controlling the legal person or holding more than 50% of the proprietary rights or majority interest in that legal person (whether individually or collectively) against lists of targeted financial sanctions.
Despite this broader scope introduced by the AML Regulation, CDD measures will still be applied on a risk-based approach, ensuring that the extent of professional obligations implemented by an obliged entity remains adequate to the level of risk involved.
What happens if an obliged entity is unable to perform the required CDD measures?
Well, it will need to refrain from carrying out the transaction or establishing the business relationship, or terminate the existing relationship, and consider filing a suspicious activity report to the financial intelligence unit. However, this does not apply to legal professionals advising or representing clients in judicial proceedings, such as lawyers for instance.
Lastly, obliged entities will be required to report any discrepancies between the information gathered during their CDD checks and the information made available in central registers, such as the register of beneficial owners, to the exclusion of minor issues like typographical errors or outdated but otherwise reliable information. Obliged entities will further need to request the relevant person or entity to update their information accordingly.
If you are an obliged entity subject to AML-CTF requirements, you might want to prepare for the upcoming entry into force of the AML-CTF Package and already review your policies and procedures to identify which CDD measures under the AML Regulation will need to be implemented within your entity.
6. The risk-based approach principle
We now turn to a principle which is at the heart of the AML-CTF legal and regulatory framework, named the "risk-based approach".
Although this principle will remain largely unchanged under the AML-CTF Package, certain clarifications will still be introduced, notably by way of guidelines published by the Anti-money-laundering authority (AMLA).
To give you a bit of background, the objective of this risk-based approach is to ensure that AML-CTF measures which are implemented by obliged entities are proportionate and tailored to the risks of money laundering and terrorist financing at hand.
This risk-based approach must be adopted by obliged entities both (i) internally, meaning in their internal organisation, to address the risks of money laundering and terrorist financing posed by their activities and (ii) externally, towards their customers, to take into consideration the specific risks of money laundering or terrorist financing of each customer.
The main point of the risk-based approach lies in the carrying out of a risk assessment whereby obliged entities identify, assess, and understand the risks of money laundering and terrorist financing posed both by their activities and their clients.
This risk assessment is carried out by taking into consideration a series of risk factors, which are now included under Annex II (for the Lower risk factors) and Annex III (for the Higher risk factors) of the AML Regulation.
Such risk factors remain unchanged and will relate to customer risk factors, the types of products, services, transactions, or delivery channels provided by the obliged entity as well as the geographical risk factors.
The Guidelines of the AMLA are expected by 10 July 2026 in this respect.
In conclusion, the new AML-CTF package does not change the principle of the risk-based approach, but further details will be provided by way of guidelines taken by AMLA.
Consequently, obliged entities will most certainly need to review and update their internal processes, policies, and procedures before the AML Regulation comes into effect in July 2027.
7. Simplified due diligence measures
In accordance with the "risk-based approach", obliged entities adjust the extent of customer due diligence measures to the level of risk of money laundering or terrorist financing of each of their customers.
When, after having carried out their risk assessment, obliged entities are faced with a business relationship or transaction which presents a low degree of money laundering or terrorist financing risk, the new AML-CTF regulation will, as is already the case under the current regime, give them the possibility (and not the obligation) to apply simplified due diligence measures.
What is new, however, is that the AML-CTF regulation contains a dedicated Article setting out a list of simplified due diligence measures which may be applied by obliged entities.
What are these simplified due diligence (SDD) measures?
Well, obliged entities will be able to, for instance:
- Verify the customer and beneficial owner's identity after the business relationship begins (within 60 days).
- Reduce the frequency of identity updates
- Collect less information about the purpose of the relationship or infer it from transactions.
- Reduce transaction scrutiny
- Apply other simplified measures identified by AMLA
Obliged entities shall refrain from applying simplified customer due diligence measures in certain circumstances, notably when, for example, there is doubt about the truthfulness of the customer's or beneficial owner's information (at the stage of identification or where inconsistencies are detected).
In conclusion, the new AML-CTF regulation introduces a structured framework for applying simplified due diligence (SDD) measures in low-risk business relationships or transactions.
8. Enhanced due diligence
Obliged entities adapt the extent of customer due diligence measures applied to a business relationship to the level of risk of money laundering or terrorist financing that this given relationship presents.
In this respect, when faced with customers presenting a high risk of money laundering or terrorist financing, obliged entities will have the obligation (and not the possibility) to apply enhanced due diligence measures to that business relationship.
As is already the case under the current regime, the application of enhanced due diligence measures may result from two scenarios: on the one hand, where an obliged entity considers a client as presenting a high risk of money laundering or terrorist financing on the basis of the risk assessment carried out for that customer, and on the other hand, situations in which EDD must automatically be applied.
Regarding the latter scenario, the AML Regulation expressly provides for specific situations in which EDD must be applied, such as, for instance, business relationships or transactions involving third countries with compliance weaknesses in their national AML/CFT regimes and applicants for residence by investment schemes, as well as specific and additional measures for high-risk business relationships involving the handling of assets with a value of at least 5 million through personalised services for a customer holding total assets with a value of at least 50 million euros.
But what is meant by applying "enhanced due diligence" measures? Well, the new AML Regulation contains a dedicated article listing such measures. In addition to the EDD measures which are already applied by obliged entities, new measures have now been introduced, such as:
- Gathering more information on the reasons for the intended or performed transactions and their consistency with the business relationship, and
- Requiring the initial payments to go through an account in the customer's name at a CDD compliant institution.
In conclusion, the new AML regulation establishes clear guidelines for the application of enhanced due diligence (EDD) measures.
It is therefore important for entities to keep their internal procedures up to date to reflect this requirement, thus ensuring compliance and effective management of high-risk situations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.