The European Union's proposal for a fourth directive to govern money laundering controls is unlike any of its predecessors and promises to be nothing like the directive which, according to its text, will supersede it in a few years.

The European Union's proposal for a fourth directive to govern money laundering controls is unlike any of its predecessors and promises to be nothing like the directive which, according to its text, will supersede it in a few years. It is expected to become EU law very late in the year or early in the next.

The main rule-changes

Rather than contain many draconian suggestions for new predicate offences, reporting obligations or regulatory powers, it suggests instead that all EU-based multinationals should impose EU-style controls wherever they have branches in the world and should also keep records of all the substantial beneficial owners of their corporate and other collectively-held customer-firms and counterparties. These provisions, if they come into force, will be onerous.

There is one new predicate offence whose proceeds are to be outlawed everywhere in the EU: tax fraud. Countries such as the UK have long criminalised the proceeds of tax evasion (and even, since about 1999, the proceeds of foreign tax evasion) but the EU now wishes to make this universal and many countries will be experiencing this for the first time if this version of the draft becomes EU law. Article 3(4)(a) contains a proposal to expand the existing operative phrase, “criminal activity,” to include “all offences, including tax crimes related to direct taxes and indirect taxes, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year or, as regards those states which have a minimum threshold for offences in their legal system, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months”.

Article 12 seeks to oblige banks to verify the identity of every customer and of every beneficial owner who owns 25 per cent or more of the entity in question before the business relationship begins. No transaction is to take place before this happens.

There is also a drive to introduce new requirements for domestic “politically exposed persons” and PEPs who work in international organisations, subject for the first time to the dictates of a vague and unspecified form of risk management. At present, Italian private banks need not conduct “enhanced due diligence” on the accounts of Silvio Berlusconi, at least on the pretext that he is a PEP. Under the proposals, this should change. EDD is to apply for at least 18 months (rather than the current 12) after every office-holding PEP (the definition of PEP also includes nuclear family members – which bizarrely rules out uncles and nephews – and an undefined collection of “close associates”) vacates his office.

Record-keeping reform

There are some record-keeping suggestions in Article 39 that are unlikely to be new to most countries. The EU wants the new law to compel financial firms to spend five years storing the “know your customer” data they collect to prove that each new applicant for business is who he/she/it claims to be. It wants the same for documents that prove the veracity of the business relationships that underpin customers' wealth. The idea is to keep the information ready for official scrutiny at any time; this is already happening in most of the old (pre-2004) member-states, and should already be happening in the rest according to national laws. Five years has long been the almost-universal compliance record-keeping period throughout the civilised world.

What the people who claim to represent the bankers think

The European Banking Federation is a typical EU construct which purports to represent the interests of all EU states' banking sectors. It has had privileged access to the inner workings of the EU legislative process on this subject. Its response to the proposal is full of objections. To begin with, it fears the costs associated with the identification of beneficial owners – an expensive undertaking if applied to a private bank's entire business. It also decries the fact that the proposal stops short of calling for EU-wide standards for publicly registered information regarding shareholdings and beneficial ownership in general as regards unlisted companies.

Its concern here is ostensibly “legal certainty,” although cost must surely be a larger worry. If such registers did exist, ordinary taxpayers would be footing the bill and not banks. There is, however, an EU plan to promote a “European business register” which merely copies information from national registers such as the one at Companies House in London, but the EU's planners did not deign to link this up to the money-laundering proposal.

On the same theme, the EBF thinks that national governments should provide its members with ready-made lists of PEPs. The EU's legislators, however, are famously shy of agreeing to expenditures of governmental effort and money on this scale.

The EBF is on firmer ground in asking for a clear definition of such terms as “international organisation.” Article 19 calls on compliance officers and money-laundering reporting officers to treat “persons who are or who have been entrusted with a prominent function by an international organisation” as PEPs who require EDD. However, neither the proposal nor its lengthy preamble define the term “international organisation”. The EBF also wants watertight definitions for “supervisory bodies” and “state-owned enterprises”.

Data protection and record-keeping

The cross-over between a bank's duty to protect customers' data and to “inform” on its clients is as blurred as ever and forms the subject for another sore point. This time the bankers are complaining that the new rule in Article 39 states that “the maximum retention period following either the carrying-out of the transactions or the end of the business relationship, whichever period ends first, shall not exceed ten years.” In this scenario the private bank is being asked to destroy the data after ten years. The EBF argues that this cannot be in the interests of the customer or his heirs, who may need information on the account in question in inheritance proceedings which might drag on for years. The same goes for insolvency proceedings. In going on to argue that the data might be needed in criminal investigations, however, the EBF gives off the distinct impression that customer service is not the real reason for its objections to Article 39.

Rogue's gallery

“Reliance,” to give it its UK term, is a major issue in the money-laundering world. It refers, of course, to the extent to which a bank can rely on other banks outside its jurisdiction or the reach of its regulators for the identification and verification of an applicant for business's identity and other things. Article 25(1) limits extra-EU “third parties” who are allowed to provide this information to entities from countries where “due diligence” is “equivalent” to the EU's. Article 25(2) places the burden of deciding which jurisdiction is “equivalent” squarely on the shoulders of each national government, ringed around tightly with the need to obtain permission from a battery of EU organs.

This heralds the end of the EU's scandalous experiment with anti-money-laundering “white-lists.” In 2008, to gasps of astonishment, national regulators in many if not all EU countries announced that they were going to tolerate “simplified due diligence” (a lower standard of background-checking) for entities that belonged to about a dozen selected countries. This list included Aruba, Curacao, Mexico, Russia and other territories that have long been famous for their opacity (and, especially in the case of Mexico, general lawlessness) rather than for good regulation and due diligence. This embarrassment is likely to be over in the next year or two. In the preamble to the proposal, the EU states: “Equivalence of third country regimes: remove the "white list" process.” This terse reference is the only mention it makes of the débâcle. In a sense, the EU need do nothing to close the loophole; it originated from pressure that the EU exerted on member-states behind the scenes and not from any EU law.

A string of deadlines

One of the stars of the new proposal is the European Banking Authority, which the EU believes is destined to take the reigns of private bank regulation out of the hands of national regulators one day. The document contains a slew of deadlines by which the EBA must approve this-and-that. Article 6 calls on it to club together with other centralised EU regulators (the European Insurance and Occupational Pensions Authority or EIOPA and the European Securities and Markets Authority or ESMA) to float an “opinion” about money-laundering and terrorist-financing risks within two years of the fourth directive coming into force.

Article 15 calls on that body to evolve guidelines within the same time-frame for the risk factors that should govern decisions about when and where “simplified due diligence” should apply. Article 16 asks it to issue other guidelines in the same time-frame, this time for EDD. Article 42 contains another crop of deadlines (which fall on the same date) for EU standardisation in which the EBA is to participate. The EU's drive to centralise financial regulation is only too obvious in this draft.

The EBA, however, is nowhere near a state of readiness for such lofty pre-eminence. The UK's Financial Conduct Authority, according to its latest business plan, is going to spend around £445 million ($674 million) in 2013-14, with fees payable of £391 million. Its total headcount will be 2,848. The EBA's budget for this year is €30 million or £25.7 million, of which €15 million has been pilfered from the “fees” that national regulators charge their flock, and its headcount by Christmas is expected to be 93. It will therefore be some time before the EBA is able to do much more than broadcast patronising messages to the national regulators that it hopes one day to supplant.