The general term ‘Anti-Money Laundering’ – AML – encompasses the entirety of anti-fraud processes. AML consists of regulations which place the burden of preventing, detecting, and reporting fraudulent money laundering activities on institutions.
AML has been regulated at the EU level by a string of anti-money laundering Directives, starting in the 1990s – parallel to the development of OECD-backed Financial Action Task Force standards. Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing – the fourth AML Directive – is currently the main legal instrument that lays down the ground rules that are to prevent the abuse of the EU’s financial systems for the purposes of money laundering.
These acts have been – or shall soon be, in the case of the two most recent Directives – implemented into the Polish legal system through the Act of 1 March 2018 on combating money laundering and the financing of terrorism. In the case of the UK, the have been implemented via the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). Considering the complexity of the regulations, this article will focus exclusively on the problem of combating money laundering in Poland.
The list of entities obliged to apply the AML regulations – the ‘obliged institutions’ – includes core financial market participants such as banks, credit- and financial institutions, investment companies and investment funds. It also includes certain insurance establishments and intermediaries, real estate managers, as well as a broad catalogue of entities (entrepreneurs, foundations, associations) that pay or accept cash during transactions, for the equivalent of €10,000 or more.
The key aspect of AML obligations is risk assessment. Primary risk assessment practices, as outlined in article 34 of the Polish act, are essential to specify what level of financial security measures should be applied to the customers. The risk of money laundering and the financing of terrorist activity should be analysed and documented when entering into new business relationships, in the case of incidental transactions of a certain monetary scope – when cash transactions exceed €10,000, when the risk of financial fraud is suspected, as well as when doubts as to the identity of the customer appear. The primary risk assessment is based on factors such as type of customer, geographic area of activity, purpose of the bank account, type of products, services, and their distribution, value of transaction, as well as the strength of the business relationship. The identity of the customer and their ultimate business owner should be identified prior to the start of a working business relationship or the execution of an incidental transaction.
Financial security measures include the identification of the customer and his final ultimate beneficial owner, as well as identifying the ownership structure of a legal entity, the evaluation of the customer’s other business relationships, as well as their ongoing monitoring. If the primary risk assessment indicates a lowered risk of money laundering and the financing of terrorism, the obligated institution may apply simplified financial security measures. Conversely, if the risk seems elevated, an enhanced standard of security measures must also be applied.
The Polish act provides a non-exhaustive list of circumstances that can justify a lower standard of financial security measures. These include as the customer being a public sector body, a state enterprise, a resident of an EU member state, or a company trading its securities on a regulated market subject to information disclosure requirements as laid out in EU law. The conditions that justify the application of a higher standard of vigilance, on the other hand, are for example an atypical and complicated ownership structure for the type of activity, an atypical style of forming business relationships, or activity that requires the execution of large or multiple cash transactions. Enhanced due diligence must also be applied if the customer is from, or is headquartered in, a third country with strategic deficiencies in its anti-money laundering and counter-terrorist financing frameworks. If the customer is operating in high-risk sectors (such as petrochemicals, arms or virtual currencies), or if there are dealings with politically exposed persons and their families, enhanced measures must also be undertaken.
Parallel to the detection obligations, reporting rules have been introduced. Obligated institutions must report transactions over €15,000 to GIIF, the Polish inspector of financial information, as well as signal any potential criminal activity or suspicious transaction. Institutions that do not fulfil their obligations shall be subject to administrative penalties (up to €5m). Criminal liability is foreseen towards entities that either fail to pass on information or provide inaccurate or false data (up to five years of imprisonment).
In the light of recent legislative trends, a regular increase in anti-money laundering obligations is to be expected. AML will become a permanent feature especially in FinTech and cryptocurrency – and even among art dealers. Given the severe penalties and the wide range of obligations imposed on the market, entities encountering atypical transactions will implement appropriate safeguards to detect and exit risky transactions at the earliest possible stage of establishing a business relationship. However, only time will tell whether the measures taken will prove effective.