CLIFFORD CHANCE – The new AML/CFT package: the ‘silver bullet’ in the fight against cross-border money laundering and terrorism?

Article rédigé par Clifford Chance dans le cadre de leur sponsoring de l’ACA Insurance Days 2024 dont le contenu engage exclusivement son auteur.

On 19 June 2024, the Sixth Anti-Money Laundering Directive 2024/1640 (the, « AMLD6« ), the Anti-Money Laundering Regulation 2024/1624 (the « Single Rulebook Regulation » or « AMLR« ) and the AML Authority Regulation 2024/1620 (the « AMLAR« ) were published in the Official Journal of the EU (« OJ« ) after almost three years of negotiations.

Together with the revised Funds Transfer Regulation 2023/1113 (the « Funds Transfer Regulation« ) which was adopted a  year earlier, on 31 May 2023, they form part of the new EU anti-money laundering and counter terrorism financing (AML/CTF) package.  

This new AML/CTF package was originally proposed by the Commission in July 2021 and aimed at harmonising the AML/CTF rules across the EU, improving the detection of suspicious transactions and activities and closing loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.

For the insurance sector, as key players in the financial services industry, this means adapting to stricter compliance requirements, enhanced reporting obligations and greater regulatory scrutiny. While these changes may lead to increased operational costs and human resources, they also present an opportunity for insurers which often operate on a cross-border basis to further strengthen their AML/CTF practices and contribute to a more transparent and secure EU financial system.

This note will provide a broad overview of these main new requirements as well as the legislative and expected implementation timeline. It will focus on the AMLD6, the AMLR and the AMLAR.

Overview of the new AML/CTF package

The new AML/CTF package responds to long-standing criticism regarding the variations in practices and approaches by competent authorities across the European Union (EU) and a lack of sufficiently effective arrangements for cross-border cooperation. While the successive directives tried to solve these issues with varying degrees of success, notably due to the difference of implementations and gold-plating approaches taken by certain Member States, the EU’s decision to adopt two regulations which are directly applicable in Member States marks a significant shift towards a more robust and harmonized AML/CTF framework within the European Union.

The key components of this new package are the following :

1. Single Rulebook Regulation: This regulation introduces a number of reforms to principles that were previously set out in the Anti-Money Laundering Directive (EU) 2015/849 (« AMLD4« ) as amended by the Anti-Money Laundering Directive (EU) 2018/843 (« AMLD5« ), which it replaces, as well as specific new measures. Itprovides for harmonised EU rules regarding (i) the scope of obliged entities, (ii) internal policies, controls and procedures of obliged entities, (iii) customer due diligence, (iv) beneficial ownership transparency, (v) reporting obligations, (vi) record-retention and (vii) measures to mitigate risks deriving from anonymous instruments.
2. AMLAR: This regulation creates a new EU-level authority, the Anti-Money Laundering Authority (« AMLA« ) which will be based in Frankfurt and will coordinate the different national supervisory authorities and ensure a consistent application of AML rules across the EU. The AMLA will have direct supervision of selected obliged entities (which may also include life insurance undertakings or life insurance intermediaries) and indirect supervision for non-selected obliged entities, thus ensuring more consistent and stringent enforcement across the EU. While the previous directives heavily relied on national supervision, the establishment of AMLA shows a willingness of the EU to take a more active role with a supranational supervision of entities in the financial sector having a high risk profile.
3. AMLD6:  The directive supplements the Single Rulebook Regulation by setting out penalties, powers, and administrative measures for national competent authorities (« NCAs« ) and financial intelligence units (« FIUs« ) as well as guidance regarding central beneficial ownership registers and their access.

Our focus will be on the new Single Rulebook Regulation that will directly impact the insurance sector.

Specific guidance and impact for the Luxembourg insurance sector

Interaction of the AML/CFT package with existing insurance sector rules

The Luxembourg AML/CFT framework applicable to in-scope insurance actors consists mainly of the Luxembourg law of 12 November 2004 on the fight against money laundering and terrorist financing (« ML/TF« ), as amended (the « 2004 Law« ), the Grand Ducal regulation of 1 February 2010 providing details on certain provisions of 2004 Law, the CAA Regulation No. 20/03 of 30 July 2020 relating to the fight against ML/TF, as amended (the « CAA Regulation 20/03« ) and other CAA circulars on the subject.

As mentioned above, whilst in the past the main instrument used by the European legislator were the AML/CTF directives and their implementation into national laws including the 2004 Law, the AML/CTF package will now include these rules in the directly applicable Single Rulebook Regulation and reserves for the AMLD6 to address the institutional AML/CTF framework.

The existing Luxembourg AML/CTF framework will therefore need to be substantially reshaped and redrafted to reflect this new articulation of rules. It is to be anticipated that, as most of the rules will derive directly from the Single Rulebook Regulation and future guidance of the AMLA, the input at Luxembourg level will be comparatively more limited.

Change to the scope of obliged entities

Pursuant to Article 2 of the 2004 Law, the following insurance sector actors fall within the scope of the 2004 Law:

• insurance undertakings authorized pursuant to the Luxembourg law of 7 December 2015, as amended (the « Insurance Sector Law« ) when they carry out life insurance activities;
• insurance intermediaries authorized pursuant to the Insurance Sector Law where they act with respect to life insurance and other investment-related services;
• professionals of the insurance sector (« PSAs« ) authorised to carry out their business in Luxembourg pursuant to the Insurance Sector Law;
• insurance and reinsurance undertakings and their intermediaries whenever they perform credit (Class 14) and surety (Class 15) operations.

Generally speaking, non-life insurance undertakings and reinsurance undertakings therefore do not fall within the scope of the existing Luxembourg AML/CTF framework, except for certain operations.

With the Single Rulebook Regulation, the in-scope insurance entities will be redefined and harmonized across the EU. Article 3 of the Single Rulebook Regulation includes amongst the obliged entities:

• insurance undertakings insofar as they carry out life or other investment-related assurance activities, including insurance holding companies and mixed-activity insurance holding companies;
• insurance intermediaries where they act with respect to life insurance and other investment-related insurance services, with the exception of insurance intermediaries that do not collect premiums or amounts intended for the customer and which act under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively.

Actors of the insurance sector will therefore need to assess whether they fall within the new scope of AML/CTF rules. We note that while the scope is extended to notably include insurance holding companies and mixed-activity insurance holding companies, for insurance intermediaries, the new scope seems more limited as it will only include those that collect premiums or amounts intended for the customer. Besides, (re)insurance understandings that perform credit and surety operations (respectively classes 14 and 15 of non-life insurance activities) will not qualify as obliged entities under the new rules.

One outstanding question at Luxembourg level is whether the Luxembourg legislator will extend such scope foreseen on EU level as in the past to include the Luxembourg specific category of PSAs.

Greater clarity on AML/CFT systems and controls

The Single Rulebook Regulation provides greater clarity for in-scope insurance actors on how to conduct a risk-based approach, ongoing monitoring, customer due diligence (« CDD« ) and identification of ultimate beneficial ownership with a view to have a harmonized approach across the EU.

First, in-scope insurance actors will need to review their CDD processes to comply with the new regulation. The Single Rulebook Regulation notably includes an updated and more comprehensive and detailed definition of beneficial ownership. The threshold is now set at 25% or more, while it was previously ‘25% plus one share or an ownership interest of more than 25%’.

Amongst the other new requirements are (i) enhanced due diligence (« EDD« ) measures for business relationships with high-net worth individuals holding at least 50 million euros in total assets and the services involve handling assets with a value of at least 5 million euros, and (iii) a requirement to update customer information after one year for high-risk customers and five years for the others.

To ensure that risks of non-implementation or evasion of targeted financial sanctions are appropriately mitigated, obliged entities must also verify whether the customer and/or the beneficial owners are subject to targeted financial sanctions and in case of legal entities, whether natural or legal persons subject to targeted financial sanctions control the legal entity or have more than 50 % of the proprietary rights of that legal entity or majority interest in it, whether individually or collectively. This new requirement is to a large extent already existing in the Luxembourg legal framework applicable to insurance sector entities on the basis, inter alia, of Article 31 of CAA Regulation 20/03 (as amended).

For life and other investment-related insurance activities, Article 47 of the Single Rulebook Regulation sets out specific CDD measures that apply in addition to the CDD measures required for the customer and the beneficial owner. Pursuant to this article, as soon as the beneficiaries are identified or designated:

• if the beneficiaries are specifically named persons or legal arrangements, the insurance actor must record their name;
• if the beneficiaries are designated by characteristics or by class or by other means, the insurance actor must obtain sufficient information concerning those beneficiaries so that it will be able to establish the identity of the beneficiary at the time of the payout.

In terms of timing, the article specifies that (i) the verification of the identity of the beneficiaries and, where relevant, their beneficial owners shall take place at the time of the payout and (ii) in the case of assignment, in whole or in part, of the life or other investment-related insurance to a third party, obliged entities aware of the assignment shall identify the beneficial owner at the time of the assignment to the natural or legal person or legal arrangement receiving for its own benefit the value of the policy assigned.

Additionally, the Single Rulebook Regulation contemplates the possibility of terminating a business relationship with a customer when CDD cannot be properly conducted. In relation to beneficiaries of insurance policies, an exemption is however provided for with the aim of protecting public interest. In this case, an alternative approach such as the temporary suspension of the business relationship should be privileged.

In terms of reporting, the Single Rulebook Regulation also provides for stricter reporting requirements, including the need to report suspicious transactions more promptly and comprehensively to FIUs. These obligations will be supplemented by AMLA guidelines and technical standards from the Commission in 2026-2027. 

Next steps and timeline

The entry into force of the different AML/CTF package rules will be staggered over the next years, allowing sufficient time for actors of the insurance sector to prepare themselves.

The texts provide for the following entry into force timing:

1. Single Rulebook Regulation: The regulation will apply as from 10 July 2027, except in relation to certain ‘obliged entities’ referred to in Article 3(3)(n) and (o) (which are not part of the insurance sector), to which it will apply as of 10 July 2029.

• AMLAR: The regulation will apply as from 1 July 2025, except for Articles 1, 4, 49, 53 to 55, 57 to 66, 68 to 71, 100, 101 and 107, which apply as from 26 June 2024, and Article 103, which will apply as of 31 December 2025.

• AMLD6:  The directive will have to be implemented by Member States by 10 July 2027 (date as of which the Directive 2015/849 will be repealed), except that they will need to comply with Article 74 by 10 July 2025, with Articles 11, 12, 13 and 15 by 10 July 2026 and with Article 18 by 10 July 2029.

Following the entry into force of these texts, additional technical rulemaking will be adopted, taking the form of Implementing Technical Standards (ITS) and Regulatory Technical Standards (RTS). 

Christian Kremer

Senior Partner – Clifford Chance

Phone : +352 48 50 50 201

E-Mail : christian.kremer@cliffordchance.com

Isadora Rousselle

Senior Associate – Clifford Chance

Phone : +352 48 50 50 467

E-Mail : isadora.rousselle@cliffordchance.com