The amendment of the act on the prevention of money laundering and terrorist financing (“AML”) tightens the requirements on customer due diligence. Our article will give you a better idea of its effects.
The amendment expands the obligations of an obliged entity regarding basic or enhanced due diligence, specifies the contents of the internal guidelines of the obliged entity and extends the definition of an unusual business transaction and the related obligation of obliged entities to adopt adequate measures.
The AML introduces several deadlines to implement the abovementioned obligations. Non-compliance with the deadlines will lead to high sanctions of up to EUR 200,000 for a general violation of the AML, and up to EUR 1,000,000 for a serious violation. Banks and financial institutions would face sanctions of up to EUR 5,000,000. The sanction can be imposed within three years from the day the breach was detected, but within five years from the day of the breach at the latest.
What changes apply from 15 March 2018?
If a company finds itself on the list of obliged entities (Section 6 of the AML Act), it is subject to stricter rules on customer due diligence. Obliged entities are, among others, banks, financial institutions, real estate agencies, lawyers during the provision of certain services for clients, as well as entities that perform the “activities of corporate, management and economic consultants” or “procurement of sale, lease and purchase of real estate”. Companies should consider if they actually perform these activities, and whether they do not fall under the status of an obliged entity due to services which they do not actually offer.
Entrepreneurs which are not on the list, but make a cash transaction of at least EUR 10,000, are also considered obliged entities, whether the transaction is carried out in a single operation or in several operations which are or might be linked.
Obligation to identify the ultimate beneficial owner (“UBO”) and keep written/electronic records of him, unless these data are already registered in the Register of Public Sector Partners or in the Register of Legal Entities, Entrepreneurs and Public Authorities. Upon request of entitled entities (such as the financial intelligence agency), the obliged entities have to disclose these data within a specified deadline; the obliged entities have to store the data for a period of five years from the dissolution of the UBO.
Expansion of the basic due diligence duties of the obliged entity. The obliged entity has to identify the UBO and adopt measures to verify their identification, including the measures to determine the customer’s ownership and management structure. The obliged entity also has to determine and record the information whether international sanctions were imposed against the customer or whether they are a politically exposed person (this term automatically includes persons who hold a major public office, regardless of their permanent address (in Slovakia or abroad); in this case, enhanced due diligence applies for at least 12 months from the termination of the major public office).
Minimum extent of identification data of customers. All obliged entities are obliged to determine the birth registration number of a UBO. The date of birth will only be sufficient for identification of natural persons to whom no birth registration number was assigned (e.g. foreign businessmen).
Obligation to perform at least a “simplified” due diligence if there is a small risk of money-laundering. What does this mean? Certain types of transactions which do not raise red flags (so-called transparent transactions) or transactions of up to EUR 15,000 only require simplified due diligence. This constitutes a change against the original act, according to which no due diligence was required.
Obligation to make a written record of all complicated, unusually large transactions and all transactions of an unusual character, where the economic or legal purpose is not obvious. The obliged entity is obliged to examine the purpose of these transactions in the maximum possible extent. The obliged entity has to be ready to hand the record over to the financial intelligence agency upon request. It has to explain why the obliged entity assessed the transaction as unusual.
Risk assessment. The obliged entity is obliged to identify, evaluate, assess and update the risks of money-laundering and terrorist financing according to the type of business transactions and business relationships, considering not only the factors mentioned in annex 2 to the Act, but also according to the type of client, purpose, regularity and duration of the business relationship, value of the transaction, risk level of the country etc., as well as the forms of unusual business transactions which are specific to the business of the obliged entity.
In light of the GDPR and the new act on personal data processing, please note that the AML Act remains the legal basis for the processing of personal data of customers, i.e. the processing of personal data does not require a consent of the data subjects.
Which documents do obliged entities have to update by 15 May 2018?
The obligation to have an internal AML guideline is not new. However, the AML amendment explicitly requires that the guideline include an overview of the specific forms of unusual business transactions which can come up in the scope of business of the obliged entity. The guideline also has to include a person who will be responsible for AML tasks and for reporting unusual business transactions. If his person is not the statutory body or its member, it has to be a managerial employee who can communicate with the statutory body and has access to all information and documents which the obliged entity acquired in the course of the customer’s due diligence. The guideline should not only be updated in connection with a change of the scope of business of the obliged entity, but also before launching new products or before a change of the organizational structure of the obliged entity. The guideline has to be approved by the statutory body of the obliged entity.