Additionally, 5MLD expands the types of obliged entities defined under 4MLD that must comply with the new AML/CTF regulations. Some of the newly added obliged entities under 5MLD include: (1) providers engaged in exchange services between virtual currencies, fiat currencies, and custodial wallets; (2) certain persons involved in the works of art trade; and (3) external accountants and tax advisors that provide advice on tax matters as principal business or professional activity.”
What This Means for Financial Institutions
All obliged entities within the newly regulated scope should know how 5MLD impacts their risk appetite, controls, procedures, and processes. However, it is especially crucial for entities currently operating in the cryptocurrency markets and doing business with cryptocurrency service providers.
To that end, failure to take steps to comply with 5MLD puts obliged entities at risk of fines or other types of civil penalties. As Member States strengthen their roles as competent authorities with designated AML/CTF responsibilities for cryptocurrency platforms, obliged entities should consider the following:
Adopting and maintaining a risk-based policy framework that meets 5MLD regulatory guidelines.
Identifying and addressing, where necessary, perceived vulnerabilities to their policy frameworks, ensuring that when a risk-based approach indicates a higher level of risk, the appropriate checks are defined and in line with the 5MLD.
Applying a risk-based approach when assessing and categorising high-risk customers, relationships, and products, particularly those associated with cryptocurrency.
What You Should Be Doing Now
Obliged entities should now be evaluating the effectiveness of their policies, procedures, and technological infrastructure responsible for adequately mitigating risks as applicable to 5MLD. Specifically, obliged entities such as firms involved with cryptocurrency will need to review their policies and procedures for effectiveness related to the collection of Ultimate Beneficiary Ownership Data, reporting of cryptocurrency-related suspicious transactions and activities, and maintaining adequate PEP lists. Obliged entities should also be assessing their business operating model to adapt to the new regulatory environment and evaluating other potential areas of inquiry by EU regulatory authorities associated with 5MLD.
How Guidehouse Can Help You
Guidehouse can rapidly review and assess your financial crime framework to determine whether it is operationally effective and meets the new regulatory expectations. Guidehouse can identify financial crime framework gaps, advise on optimal solutions to weaknesses identified, and identify areas (e.g., products, services, clients, and relationships) that pose a higher degree of risk.
Guidehouse has in-depth knowledge of the regulatory environment and financial institution processes and regulatory requirements in the EU and globally. Guidehouse’s relevant expertise includes the following:
Framework Risk Assessments
Transaction and Customer Reviews
Compliance Technology Services
Investigational and Operational Services
Special thanks to Timothy Gore who contributed to this alert.