On June 20 2021, the EU Commission published a package of 4 AML regulatory proposals. One of these is the institution of a supervisory body to specifically cover AML, the Anti Money Laundering Authority (AMLA).
The proposal references AML failures from EU credit institutions as a major factor in the recommendation to create the AMLA. Gaps in compliance are clear in the EU, as the FinCEN Files’ revelations also involved multiple European headquartered banks.
One worry is that the AMLA will supersede national financial intelligence units, however the AMLA will only be in a supportive role in regards to FIUs and national supervisory bodies (the option of instituting an FIU at the EU-wide level was “rejected as disproportionate” by the impact assessment of the EU Commission).
To improve on the uneven “quality and effectiveness” of AML/CFT and the divergence in implementing the Risk-Based Approach across different Member States, the AMLA will work with national FIUs to improve their capability of analyzing financial intelligence data with provision of tools, training and relevant threat assessment cases. The AMLA’s work with FIUs will also include facilitating complete and swift information exchange.
The AMLA will conduct periodic reviews to ensure supervisory bodies have the resources needed.
The AMLA will be given power to draft regulatory and technical standards and adopt recommendations and guidelines in relation to Anti-Money Laudnering and Countering the Financing of Terrorism.
In addition, it will work on policies that are in relation to risks from third countries outside of the EU that raise AML/CFT threats.
Since AMLD5 – the EU’s 5th Anti-Money Laundering Directive – Crypto Asset Service Providers (CASPs) have been transposed into AML/CFT rules and must follow the same guidelines set out as for other obliged entities. As the AMLA will “ensure group-wide compliance with the requirements laid down in AMLD/R and any other legally binding Union acts that impose AML/CFT-related obligations on financial institutions”, the AMLA’s oversight of obliged entities will extend to CASPs.
It is possible that with the AMLA proposal the Commission had in mind to combat compliance penalty arbitrage – whereby a jurisdiction becomes known for minor fines imposed on compliance failures, a lackluster approach to tackling financial crime or notably slow uptake in new regulations in relation to serious emerging AML/CFT threats, to encourage firms to operate in the jurisdiction.
This theoretical example is demonstrated by the takeover of supervision from the AMLA for risky businesses – covered in the section below – when “the relevant [national] supervisory authority has not taken adequate measures to address non-compliance in a timely manner.”
However, because the blockchain industry’s compliance threats evolve at lightning speeds, it can be difficult for some national supervisory bodies and FIUs to keep up and slow uptake in new regulations can be put down to limited resources available. A central body that can zero-in on a seemingly compliant business with a certain jurisdiction’s crypto laws in relation to its operating headquarters or main base of operations, but is dealing in illicit funds flows through customers of other Member States, will help close these loopholes.
The proposal notes that whilst some money laundering risks are national in nature, others are EU-wide and “may impact the entire Union financial system.” This includes the AMLA directly supervising the “riskiest” financial institutions that are operating across numerous member states or those that are deemed to be in need of urgent action to address compliance risks as “all recent major money laundering cases reported in the EU had a cross-border dimension”.
Due to the fact that crypto-assets are regularly viewed by central banks as currently one of – if not the most – riskiest asset class (the Basel Committee on Banking Supervision’s ‘Prudential treatment of cryptoasset exposures’ paper recommends the highest capital risk weighting for BTC, ETH and other cryptos (with the exception of stablecoins)), some large CASPs operating across multiple jurisdictions could fall under the AMLA’s microscope quite quickly.
The AMLA proposal states that for those risky businesses that will be directly supervised, they “will no longer have to deal with multiple AML supervisors in different Member States” – thereby simplifying the process of AML obligations whilst taking actions to address failures.
The AMLA will have the power to “adopt binding decisions, administrative measures, and pecuniary sanctions towards directly supervised obliged entities” in regards to directly supervised entities. Fines go up to a max of 10% of turnover or 10 million EUR, whichever is higher.
At its “full operational level” the AMLA should have 250 staff that will take over the AML/CFT database from the European Banking Authority and the FIU.net, the “secure communication network” for FIUs.
The document states that the Authority should be established in 2023 with direct supervision to begin in 2026.
The heads of FIUs of member states shall comprise part of the governance of the authority. Further details can be found in Articles 45 to 63.
The proposal contains an Impact Assessment for the differing options, one being “Regarding supervision” and another being “Regarding cooperation and exchange of information among FIUs”. The options the recommendations were chosen from are laid out below.