AML package - what it is and who it affects?

The European Commission introduced the AML package on July 20, 2021. Its purpose is to prevent money laundering and terrorist financing. What is the AMLA regulation, and who is it affecting? Find out how to comply with the new regulations.

What is AML package all about?

The AML package creates a legal framework to prevent money laundering and terrorist financing. It will be applicable throughout the European Union, and individual member states must implement the new rules. The package consists of three basic documents, which are:

• AML Regulation,
• AML Directive,
• AMLA Regulation.

The AML Regulation indicates what procedures, policies and controls must be adopted by mandatory institutions. It also describes the rules for the application of financial security measures - including customer verification and identification.

The AML Directive, on the other hand, is a document aimed at member states and national supervisory authorities. It contains detailed obligations and rights of such entities. The directive specifies how to register beneficial owners and how to access such databases.

The third element is the AMLA regulation. This is because the AML package includes the creation of a separate body to oversee the implemented procedures.

Objectives of the AML package

The AML law is designed to combat two areas - terrorist financing and money laundering. More often than not, such practices are directly linked to serious crimes - murder, extortion, bribery, theft or trafficking in people or exempt items. The new AML law is designed to tighten the system and make money laundering or terrorist financing much more difficult, and those who engage in such practices will be detected more quickly.

Compliance with the AML law is extremely important not only for the general interests of the state, but also for companies in specific sectors. The implementation of new procedures makes it possible to avoid liability for illegal practices - when the entity has nothing to do with the illegal activities of its client.

AMLA Regulation

The scope of the new AML legislation includes, among other things, the AMLA regulation. It concerns the establishment of an EU supervisory body - the Authority for Anti-Money Laundering and Countering the Financing of Terrorism. This authority will be responsible for issuing recommendations and guidelines on AML regulations.

AMLA responsibilities will include:

• Analyzing data in cooperation with national financial intelligence units;
• Assessing the obligations fulfilled by national financial supervisors and non-financial supervisors;
• direct supervision of selected financial sector institutions and indirect supervision of other AML entities;
• issuing technical standards;
• Issuing binding decisions and imposing administrative sanctions;
• issuing demands for action by competent national supervisory authorities.

Since when will AML package be in effect?

Although the first steps related to AML package were taken as early as 2021, the work was not completed until May 2024. Since then, companies have 36 months to comply with the new requirements - this will be enforced from the second half of 2027. However, there are exceptions where the period has been extended to five years. This rule applies to football clubs and agents, among others.

However, member states, including Poland, have three years to prepare regulations in line with the new directive. Earlier, rules on the register of beneficial owners should be implemented. Poland has 2 years to do so.

In its full form, AML package will not take effect until July 1, 2025.

Who is affected by AML?

The AML package refers to companies that provide specific services. Services include bookkeeping, customs and tax law consulting, declaration formulation, insurance, as well as the activities of banks and exchange offices, among others. The new regulations will also cover notaries, sports clubs and many other entities where there is a risk of terrorist financing and money laundering.

AML package will also affect:

• national payment institutions,
• cooperative savings and credit unions,
• investment companies,
• foreign entities conducting brokerage activities in Poland,
• companies operating a regulated market.

Implementation of AML package in the company

There is no escape from the new regulations. Companies covered by the AML package will have to comply with them - otherwise they will pay sizable financial penalties and will not be able to continue operating.

In order to comply with the new AML regulations, it will be necessary to appoint one person responsible for implementing the new procedures. The next steps will be:

• completion of initial training,
• developing a risk assessment of the activity,
• creating an internal AML procedure.

Every company is different, so such a task will need to be approached individually. Implementation can be entrusted to external specialists - we offer AML outsourcing, thanks to which we can relieve the entrepreneur of the need to adjust procedures to the new regulations on their own.

A whistleblower must also be appointed in every company. His task will be to report any irregularities and non-compliance with AML regulations.

Step-by-step implementation of AML

The implementation of AML procedures must follow a specific sequence. At the beginning, the appropriate persons are appointed and training courses are planned. During the course, information on implementing and complying with AML procedures is provided and selected employees are prepared for their new roles.

Next, a risk assessment is conducted. This results in a document that identifies possible risks associated with the operations of a particular company.

The next step is an internal AML procedure. It consists of a number of elements included in the law. It includes:

• Activities to reduce the risk of money laundering and terrorist financing;
• Rules for training employees responsible for complying with the new procedures;
  risk management;
• risk identification and assessment;
• type and principles of application of financial security measures;
• principles of personal data protection;
• principles of reporting possible violations or suspicions of possible violations;
• principles of cooperation with the Financial Intelligence Unit;
  internal control;
• rules for the use of the Central Register of Real Beneficiaries.

The beneficial owner in AML procedures

The AML procedure covers the topic of the Register of Beneficial Owners. The new regulations impose the need to verify exactly who is the beneficial owner of the transaction being carried out. According to the new definition, it is an individual who has direct or indirect control over an entity (company, foundation, association, etc.) and benefits voting, profit-sharing, shareholding or other decision-making powers.

Suspicious Activity Reporting Obligations

If a transaction has the appearance of money laundering or terrorist financing, it is necessary to report it immediately to the relevant entity. Each company subject to the new AML package must develop and implement its own internal procedures in this regard. According to the regulations, whistleblowing can be done anonymously.

The reporting procedure can apply to both actual and potential violations. Each situation is thoroughly checked for the commission of a crime. An institution that has properly reported a suspicious transaction is free from suspicion of illegal activity.

There is an obligation of secrecy and anonymity for such reports. It applies to the fact that the information was provided to the Financial Intelligence Unit (FIU) or other competent authorities, and the planned initiation of an analysis of the transaction. There are several exceptions to this rule - the secrecy of the procedure is not necessary when the situation is between specific institutions indicated in the AML Law (Article 2 (1)).

The role of Financial Intelligence Unit in AML package

The AML package is directly related to the institution of the Financial Intelligence Unit (FIU) - the General Inspector of Financial Information (GIIF). Its responsibilities include:

• Analyzing information on assets suspected to be related to money laundering or terrorist financing;
• carrying out procedures for stopping transactions or blocking the account;
• transmitting information and documents confirming the suspicion of a crime to the relevant authorities;
• requesting the transfer of information on transactions.

The FIU/GIIF also develops a national risk assessment. It includes the methodology for its determination, a description of money laundering and terrorist financing phenomena, current regulations and the threat level. The national risk assessment must be approved by the Minister of Public Finance.

PEP - handling politically exposed persons under AML

The AML law also focuses on transactions carried out by individuals in predestined political and administrative positions. The new regulations are designed to reduce the risk of abuse by the apparatus of power and those in top public positions.

In this regard, AML package requires a declaration of the predestined position or function held. The grace period in this case is 12 months. Throughout this time, a person is subject to PEP regulations, even if he or she no longer currently holds an important position.

What security measures fall under the AML package?

According to the AML Law, it is necessary to take various measures to explicitly reduce the risk of money laundering and terrorist financing. These include:

• customer identification and verification,
• identification of the beneficial owner,
• evaluation of economic relations,
• monitoring of the client's ongoing economic relations.

Financial security measures are taken in certain situations. These include the establishment of business relationships, occasional transactions or a cash transaction of €10,000 or more. Entities operating under the AML Law may also implement security measures whenever money laundering or terrorist financing is suspected.

What are the risks of violating the AML package?

All industries at risk of money laundering and terrorist financing must comply with the AML Law. Violations of its rules carry serious consequences, such as:

• an order to cease a particular activity;
• publication of information about the entity in the Public Information Bulletin on the authority's website - the news of the violation then becomes public, damaging the reputation of the company;
• prohibition of the person responsible for the violation of the law from performing duties in a managerial position;
• monetary penalty - its amount is determined individually depending on the type of entity and the manner of violation;
• revocation of licenses or permits;
• deletion from the register of regulated activities.

A violation of the AML Law can result in a financial penalty of as much as 20 million zlotys (in the case of individuals) and 5 million euros, or 10% of annual turnover (in the case of legal entities and organisational units). These are enormous amounts of money, which is why it is essential to implement the required procedures and follow them in daily operations.

If you run an obligated institution, make sure that the procedures implemented comply with the new AML regulations. Specialists will assist you by conducting an audit and identifying areas that require improvement. Their help will allow you to make changes before the AML package takes effect. Expert assistance will also be beneficial if your company has already complied with the new procedures. The law undergoes constant refinement and regular amendments, indicating additional obligations for obligated institutions.