In brief

The new EU AML Regulation(1) describes in great detail the measures which the EU professionals in the AML scope must follow in an effort to set a common regulatory framework without significant deviations. While the previous EU acts with regard to AML were vested in the form of directives mostly setting the goals that should be achieved without defining the “means for achieving these goals”, now the AML Regulation provides a clear set of rules requiring the adoption of a lot of “obligations of means” in the pursuit of harmonized implementation and proper application of the rules. Under this frame of thought, a lot of the rules included in the 4th AML Directive are now included in the AML Regulation so that these rules in their mature version become directly applicable to the obliged professionals establishing a level playing field in the EU jurisdictions.

Main Provisions

The provisions included in the new AML Regulation could be classified in three big categories:

(1) Rules in the new AML Regulation with which Luxembourg is already “up-to-speed”:

• The detailed provisions of customer due diligence (including the CDD on beneficial owners), the ongoing and transactional DD(2) are substantially as the ones included in the law of 2004;

• The institution of a compliance officer position at manager level (RC) as applied in Luxembourg is now introduced at the EU level and other EU member states will have to adopt this institution as well;
  
  
• Client acceptance of PEPs during the DD process need to be verified by the management of the obliged professional;
  
  
• Introduction of a notification requirement to the competent supervising authority of the respective EU member state in case of outsourcing of the AML function (with parallel forbiddance of outsourcing of certain tasks whose outsourcing would impair the AML function);
  
  
• Reporting of suspicions before the FIU of each EU member state by establishing a common procedure to be followed similar with what is already applicable in Luxembourg;
  
  
• The points to be included in the AML policies and procedures are clearly defined, the same goes with the business-wide risk assessment as applied in Luxembourg;
  
  
• In the same vein, credit institutions, financial institutions and crypto-asset service providers shall be prohibited from keeping anonymous bank and payment accounts, anonymous passbooks, anonymous safe-deposit boxes or anonymous crypto-asset accounts as well as any account otherwise allowing for the anonymisation of the customer account holder or the anonymisation or increased obfuscation of transactions, (including through anonymity-enhancing coins);
  
  
• Establishment of internal reporting channels for AML purposes that meet the requirements set out in Directive (EU) 2019/1937.

(2) Main novelties set by the AML Regulation:

• Provision of clear rules for correspondent relationships with regard to payments (including specific enhanced due diligence measures for cross-border correspondent relationships);
  
  
• Inclusion in the scope of the AML supervision of new categories of service providers and more specifically providers of gambling services, professional football clubs and football agents, traders of high-value goods (including jewelry and watches of more than 10,000 euros), free zones and customs warehouses, crowdfunding service providers and crowdfunding intermediaries, investment migration operators;
  
  
• Expansion of the notion of assets that can be used for laundering;
  
  
• Establishment of rules on the functioning of information sharing partnerships among the obliged entities;
  
  
• Establishing clear rules on the notification procedure for EU cross border operations on the basis of the freedom of provision of services in the EU market so that there is AML supervision from the competent AML authority of the affected host EU member state;
  
  
• Formal adoption of the travel rule in terms of transactions;
  
  
• Mandatory threshold-based reporting to the FIU of transactions in certain high-value goods acquired for non-commercial use by people trading them (motor vehicles for a price of at least EUR 250 000 or the equivalent in national currency, watercraft for a price of at least EUR 7 500 000 or the equivalent in national currency, aircraft for a price of at least EUR 7 500 000 or the equivalent in national currency);
  
  
• Establishment of extra EDD measures in addition to the EDD measures already provided and described in detail in the AML Regulation in cases where a business relationship that is identified as having a higher risk involves the handling of assets with a value of at least EUR 5 000 000, or the equivalent in national or foreign currency, through personalised services for a customer holding total assets with a value of at least EUR 50 000 000, or the equivalent in national or foreign currency, whether in financial, investable or real estate assets, or a combination thereof);
  
  
• EU financial institutions shall not accept payments carried out with anonymous prepaid cards issued in third countries;
  
  
• Establishment of the eIDAS standard digital signature protocol for identification purposes online (with certain exceptions where eIDAS is not applicable e.g. third countries);
  
  
• Risk posed by third jurisdictions: Adoption of delegated acts on the identification of third countries with significant strategic deficiencies in their national AML/CFT regimes, with compliance weaknesses in their national AML/CFT regimes and third countries posing a specific and serious threat to the Union’s financial system;
  
  
• Common rules on AML penalties imposed by AML supervising authorities and on evaluating the severity of breaches: the EU Commission shall adopt delegated acts defining:

(a) the categories of breaches that are subject to penalties and the persons liable for such breaches;

(b) indicators to classify the level of gravity of breaches that are subject to penalties;

(c) the criteria to be taken into account when setting the level of penalties.

(3) Main streamlining and clarification provisions with respect to existing AML rules:

• The AML Regulation formally puts on equal footing the so-called designated non-financial businesses and professions (“DNFBP”) while clarifying that lawyers and accountants are also in the scope of the AML Regulation when providing tax advice. At the same time, there is adoption of the clarifying CJEU judgement on the balance between professional secrecy and AML and tax fraud reporting to be made by notaries, lawyers, other independent legal professionals, auditors, external accountants and tax advisors with regard to the information that they receive from, or obtain on a client, regardless of whether such information is received or obtained before, during or after such proceedings (unless knowing that the client is seeking legal advice for the purposes of money laundering, its predicate offences and knowledge of this purpose may be inferred from objective factual circumstances).
  
  
• Clarifications on the notion of PEP: The EU Commission had previously defined with a decision the list with the prominent public functions and positions whose holders fall into the category of PEP at EU and at EU member states level. In the same vein, the AML Regulation requires each Member State to issue and keep up-to-date a list indicating the exact functions which, in accordance with its national laws, regulations and administrative provisions, qualify as prominent public functions and shall notify those lists, as well as any change made to them, to the Commission and to the AMLA. Clarifications are also provided in terms of PEPs who are beneficiaries of insurance policies as well as measures to be taken for persons who cease to be politically exposed persons.
  
  
• Detailed definition of the beneficial ownership including ownership interest, control or other means: The AML Regulations also provides the possibility for the threshold of ownership interest to become lower in line with the risks proportionate to each category of legal entities after the adoption of relevant delegated acts by the EU Commission. In the same light, information on nominee arrangements are to be held in a central register in order to be able to verify the beneficial ownership of this type of structures.
  
  
• Clarifications on the UBO info provided by trusts and other similar arrangements: The trustee or the person holding an equivalent position in a similar legal arrangement shall obtain and report to the central register beneficial ownership information and basic information on the legal arrangement without undue delay after the setting up of the express trust or similar legal arrangement and, in any case, within 28 calendar days thereof. The trustee or the person holding an equivalent position in a similar legal arrangement shall ensure that any change of beneficial ownership or of the basic information on the legal arrangement is reported to the central register without undue delay, and in any case, within 28 calendar days thereof. Legal entities created outside the Union and trustees of express trusts or persons holding an equivalent position in a similar legal arrangement that are administered or established outside the EU shall submit beneficial ownership information to the central register of the Member State where they:

(a) enter into a business relationship with an obliged entity;

(b) acquire real estate in the EU, whether directly or through intermediaries;

(c) acquire, whether directly or through intermediaries, any of the following goods from persons trading in the context of an occasional transaction including one of the following (i) motor vehicles for non-commercial purposes for a price of at least EUR 250 000 or the equivalent in national currency; (ii) watercraft for non-commercial purposes for a price of at least EUR 7 500 000 or the equivalent in national currency; (iii) aircraft for non-commercial purposes for a price of at least EUR 7 500 000 or the equivalent in national currency;

(d) are awarded a public contract for goods or services, or concessions by a contracting authority in the Union.

• Where legal entities created outside the EU enter into a business relationship with an obliged entity, they shall only submit their beneficial ownership information to the central register where:

(a) they enter into a business relationship with an obliged entity that is associated with medium-high or high money laundering and terrorist financing risks pursuant to the risk assessment at EU level or the national risk assessment of the EU member state concerned; or

(b) the risk assessment at EU level or the national risk assessment of the EU member state concerned identifies that the category of legal entity or the sector in which the legal entity created outside the EU is associated, where relevant, with medium-high or high money laundering and terrorist financing risks;

• Last but not least, it’s now constituted the obligation on the part of the obliged professionals to report clients in case that the beneficial ownership information that they get is incompatible with the correspondent beneficiary information in the central register without undue delay and, in any case, within 14 calendar days of their detection (art.24).

1 Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. It shall apply as of 10 July 2027. 

2 By 10 July 2026, AMLA shall issue guidelines on ongoing monitoring of a business relationship and on the monitoring of the transactions carried out in the context of such relationship.