Lucas Millán ■ EU proposal sets ambitious goals for Anti-Money Laundering supervision


The EU adopted its first Anti-Money Laundering (AML) directive in 1991 but to this day colossal sums of illicit money continue to make their way through the EU’s financial system. The Pandora Papers last year exposed a slew of politicians, celebrities and criminals exploiting legal structures all around Europe that facilitate dodgy financial activity. Before that, the DanskeBank and CumEx scandals revealed widespread criminal and fraudulent activity hiding in plain sight across Europe. A new proposal put forward by the EU might just be the game-changer the EU needs – if not with some improvement.

Since 1991, the EU has passed a handful of additional directives to harmonise the legislation of member states and to raise the standards applicable to the financial sector and certain non-financial intermediaries, like lawyers and real estate agents. The goal was to define a common framework for rulemaking within the EU, which member states are then required to “transpose” into domestic law. Today every EU state has laws requiring “obliged” businesses to keep records for a minimum number of years, determine with “due diligence” who their clients are, and to report suspicious activity.

Yet, as recent scandals illustrate, there are still many loopholes in the EU’s system. Fragmented implementation across member states has undermined regulatory progress. Does it matter if suspicious transactions must be reported to authorities if there is no agreement on what “suspicious” means? Does it matter if banks or other businesses keep records and know their clients if authorities do not carry out inspections? Most crucially, how can investigations of international financial crimes be effective where necessary data is scattered across 27 member states without a proper coordination mechanism?

Rather than increasing pressure on small businesses, it is more and more clear that legislators should focus on big internationalised finance and intermediaries, who represent the highest risks to the stability of the financial system and the economy. We have witnessed in the past an undue pressure on developing countries to enforce Value Added Taxes on small businesses, focusing on small scale tax avoidance and implementation of such regressive taxes, instead of targeting high-end economic crimes. Surging civil society attention on ever-bigger financial crimes has come with detailed assessments of the failure of the current regulatory model. In response, the European Commission proposes a coordinating body for Financial Intelligence Units to better regulate the financial sector (COM(2021) 421 final, or the “Proposal”).

What does the European Commission propose? 

The Commission proposes establishing a new institution at the EU level charged with coordinating member states’ Financial Intelligence Units in their supervision of the financial system. At its core, the initiative seeks to combine financial supervision and coordination functions at the EU level into a new institution with 250 staff and improved tools at its disposal. Currently, national Financial Intelligence Units are tasked with supervising financial activity and facilitating investigations via police authorities, but there is only weak and ad hoc coordination between member states. Some coordination is to some extent carried out by the European Banking Authority, but with reportedly low effectiveness. Beyond coordination, the proposed EU Authority would also have the power to directly supervise certain high risk financial institutions with activities in several member states.

It is also worth noting here what makes this proposal different in legal terms. The Commission’s proposal is a “regulation” that would be directly applicable to member states after being approved by the European Parliament and Council. This is different to EU “directives” which are only applicable to member states when they transpose and implement the directive under domestic law.

What are the most encouraging aspects of the proposed EU Authority?  

Establishing the proposed EU authority will allow a more coherent understanding of practices and risks of the financial sector. The new authority would be able to gather and analyse data across the EU, prevent and investigate wrongdoing, and design more evidence-based policies to tackle money laundering and terrorist financing (AML/CTF). 

This opportunity to develop financial data analysis is dependent on the new authority standardising the formats and channels of regulatory reporting. The authority is expected to implement a “single rulebook” for suspicious transaction reporting and oversee an EU-wide database on AML/CTF supervision.

The foreword of the regulation initiative points out another key advantage. The authority would assign resources (human and technical) to carry out coordination/analysis tasks, as with the current European Banking Authority but in addition, it would have the mandate to directly supervise obliged entities. Although the proposed supervision framework could be much improved, the new system for direct supervision would include broad investigative powers, monitoring and sanctions. This fills a regulatory gap at the EU level that has long left unchecked the instrumentalisation of the EU Single Market for illicit finances.

Furthermore, the authority would act as a supervisor of supervisors, adopting a system of peer reviews where intelligence units of various countries would periodically review the work and tools of Financial Intelligence Units in other member states, ensuring a level playing field. This mechanism of peer reviews has been adopted in multilateral forums such as the FATF and the OECD, with an arguable degree of success. The harmonisation of practices across the EU’s financial intelligence units will better ensure effective implementation of standard rules.

Are there any shortcomings? 

The European Commission’s proposal defines criteria for determining which financial institutions (ie, obliged entities) will be directly supervised by the new authority for a period of three years. However, it leaves a lot to be desired. Under Articles 12-13 of the proposed regulation, only financial institutions that directly provide services in 10 or more member states, or those that are established in 7 or more member states, would be potentially subject to direct supervision. Multinationals may exploit these high thresholds, for example, by arranging their EU-wide activities through various offshore entities. Moreover, the thresholds means that none of the foreign-controlled groups of EU companies would fall within the realm of direct supervision of the proposed EU institution. The European Central Bank concurs that the proposed framework leaves the door open to regulatory arbitrage (page 3). In any case, the thresholds for direct supervision are so hard to meet, that the European Central Bank predicts that “only approximately 12 to 20 obliged entities will meet these criteria” (page 3).  

Further, non-financial entities that are already obliged under AML/CTF legislation would not be subject to direct supervision. According to international standards (as defined by the Financial Action Task Force), various non-financial actors are subject to AML/CTF rules, such as auditors, accountants, casinos and lawyers. Yet the European Commission’s proposal would focus narrowly on financial institutions, while these other actors would not be subject to direct supervision, even in cases where a company operating across the EU represents a serious risk to the stability and reputation of the EU’s financial system. The proposal, however, considers indirect supervision via sectoral regulators in member states concerned. That is, the new EU authority would be able to address risks in the supervisory role of regulatory bodies for specific sectors (like professional associations for lawyers and accountants) by recommending changes to rules or practices. While this role is undoubtedly necessary, it might not be sufficient. Optimally, the proposal would provide for a wider scope for direct supervision, which includes financial and non-financial entities, and uses a comprehensive risk-based approach to determine which AML obliged entities should be supervised. Needless to say, non-financial professionals are often the gateway to secrecy, and financial institutions only come into play at a later stage, after the legal arrangements have been set up.

Specific characteristics of the new authority’s institutional design may also present certain risks. The new EU authority would include a General Board with representatives from the Financial Intelligence Units of each member state. This General Board is set to approve technical standards and their implementation, subject to a qualified majority vote. On the one hand, although the representatives must act exclusively “in the sole interest of the Union as a whole” (Proposal, Art.48),a group of member states might be in the position to effectively block new regulations (if the group consists of four or more representatives who account for more than 35 per cent of the EU population). On the other hand, there appears to be no requirement for unanimous decisions – something that limits regulatory initiatives in the European Council. In this sense, the delegation of regulatory power to the new EU institution may have a better chance at promoting harmonisation across the EU given the less room there is for notorious EU tax haven members to block regulation.

Another concern would be how the new EU authority is meant to be funded. It would be “funded partly from the EU budget and partly from fees levied from obliged entities that will be directly or indirectly supervised by the Authority” (Proposal, page 9).The proposal states that it is expected that three-quarters of the authority’s €45.6 million budget would come from such fees (ibid.). It is worth noting that the Proposal does not determine how and from whom these fees would be collected, and the European Central Bank considers that the scope of direct supervision is limited by “budgetary constraints” (page 3). The problem here is that the Commission is disregarding a superior solution for funding the new authority. The Commission’s own analyses estimate that an EU Financial Transaction Tax would yield about €57 billion (SWD(2013) 28, page 21). Not only would this revenue more than cover the budget of the new EU Authority, but the process of implementing an EU Financial Transaction Tax would directly allow the standardisation of transaction reporting formats and improve data collection. Thus, the financing of the new EU authority with a Financial Transaction Tax would help both fund and facilitate the analysis, coordination, and supervision tasks of the proposed EU authority. If these synergies between sound policy initiatives are not timely harnessed, we may end up with regulatory redundancies that increase costs to public and private actors alike.

In sum, what to expect going forward? 

The Proposal sets forth an ambitious regulatory proposal, where a partly decentralized EU authority would take on new supervisory and coordination functions, to ensure the stability and coherence of the EU financial system. This authority would help implement higher standards in the internal market and prevent the instrumentalisation of certain EU member states for money laundering and terrorism financing. Certain characteristics of the Proposal could be improved to ensure greater effectiveness and resilience of the new EU Authority, particularly with regard to supervisory thresholds and the financing of the authority. In any case, if this regulation is finally adopted, it would surely help to consolidate and harmonise the prevention of financial crime across the EU. Potentially, the new law could then be amended to improve specific aspects.

The bill is currently awaiting committee decision at the EU Council and will likely be submitted to the EU Parliament for first reading by the end of 2022.

Related articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.