New anti-money laundering rules – threat or opportunity?

Money laundering and the financing of terrorism account for several hundred billion a year in Sweden, according to the Coordination Supervisory Body, and the financial system is instrumental in these activities. There is nothing to suggest that FinTech companies are protected from the few individuals that use the financial system for such purposes.

New payment methods and new ways of investing money through, for example, crowdfunding attract not only the curious public, but also people and organizations that have acquired money through criminal activities and need to launder the profits. Money laundering is not only associated with financial gain from the sale of drugs or from theft (which often involves cash), but also from tax fraud, for example. In the latter case, the money is normally already within the banking system.

The financing of terrorism often includes legally acquired assets that are sent to, or used for sponsoring, terrorist organizations in different ways. In such cases, the transaction pattern needs to be analysed in order to identify any unlawful behaviour. This spring, a governmental body, the Centre for Asymmetric Threat Studies (CATS), presented a report on so-called “terrorist travels”, which concerned Swedes who travel to countries to fight for Daesh, for example. CATS reported that these individuals probably used the financial system. CATS also found that allowances paid by the Swedish state had been used to finance the activities of these individuals. And again, this money moves through the financial system.

It is quite easy to understand the reasons for legislation in this field, but perhaps not so easy to understand the rules themselves. The set of rules on anti-money laundering and
the financing of terrorism is aimed at ensuring that certain types of business operators pay attention to transactions
that may involve money laundering and the financing of terrorism.

In addition to the rules already in place, new rules are expected to come into force on August 2, 2017. Will these new rules just add another layer of impracticable and hard-to-interpret regulations, or will they facilitate matters for businesses?

Numerous changes will need to be implemented in the business operators’ procedures as a consequence of the new rules, some examples of which can be found below. Firstly, the definitions of money laundering and the financing of terrorism have been amended in the new act. The definitions now correspond more closely to the ones in the fourth AML Directive (2015/849), and to the definitions in the penal code that regulate money laundering and the financing of terrorism. However, the definitions are not completely consistent with the penal code and the reason for this is that criminal law requires a higher degree of certainty that a law has been broken. Administrative law on the other hand, aims to identify behaviour that puts a business at risk of being used for such purposes.

Secondly, there are also new rules in relation to know-your-customer procedures and a prohibition on anonymous accounts. The business operators are required to ensure that employees working with AML checks and procedures possess the requisite expertise for the task.

Businesses that have branches or subsidiaries outside Sweden (both within the EEA and outside) shall ensure that such subsidiaries or branches apply the new legislation if the rules of the hosting country are not equally extensive.

In connection with all new rules that impose a higher burden on the business operators, there are also considerations expressed by the legislator which are positive for businesses. According to the fourth AML Directive, countries are now required to conduct a risk assessment and report more extensive statistics relating to financial crime than was previously the case. This is also a step in the right direction in terms of making it easier for business operators, such as FinTech companies, which may not have sufficient resources to finance an extensive assessment procedure, in order to identity risks. The legislator suggests that businesses ask themselves the following question: “What products and services do we provide that could potentially be used for money laundering purposes?”

In relation to the new rules, the legislator also acknowledges that costs for businesses, as the rules are currently formulated and applied, may be unnecessary for achieving the objective of the legislation. The risk-based approach is therefore even more prominent in the new rules. In instances where there are greater risks, businesses are expected to put more effort and financial resources into managing them. If the risks are smaller, correspondingly less financial resources and attention are needed. The risk-based approach is now “holistically” applied throughout these processes. This allows both companies and supervisory authorities to be more practicable in relation to where risks actually arise.

For businesses looking to minimize their costs in relation to the AML procedures, there seem to be cost savings that can be made in the long term. By putting some effort into risk assessment, and some investment into risk management procedures (technical solutions, etc.), a reduction in costs can be achieved. Other positive consequences of this are that low-risk customers may not be saddled with additional burdens, that business operations do not have to collect unnecessary data and, most importantly, that the objective of the legislation can be achieved.

Another aspect that simplifies matters for FinTech companies and others that are facing the AML-rules is the implementation of a central public register for beneficial owners. All companies shall register beneficial owners that own more than 25% of the company in a register held by
the Companies Registration Office. Existing companies have until February 2, 2018 to register. In addition to using the register for AML checks, remember to register the beneficial owners of your own company.