EU Supranational Risk Assessment Report 2022

EUROPEAN COMMISSION

Brussels, 27.10.2022

COM(2022) 554 final

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

{SWD(2022) 344 final}

1.Introduction

The Financial Action Task Force (FATF) 1 recommends that countries conduct risk assessments in each sector subject to requirements on anti-money laundering and countering the financing of terrorism (AML/CFT). They should identify, assess and understand money laundering and terrorist financing risks, and take commensurate preventive measures.

Acknowledging the importance of a supranational approach to risk identification, Directive (EU) 2015/849 2 (the 4th Anti-money Laundering Directive) as modified by Directive (EU) 2018/843 3 (the 5th Anti-money Laundering Directive), hereby “the AMLD”, mandates the Commission to conduct an assessment of specific money laundering and terrorism financing (ML/TF) risks affecting the internal market and relating to cross–border activities.

The Commission published its first supranational risk assessment (SNRA) in 2017 4 and the second in 2019 5 . The 2022 Commission SNRA is made up of two documents: this report and a detailed Staff Working Document, which read together provide a comprehensive mapping of risks on all relevant areas, as well as the necessary recommendations to counter them.

Article 6(1) of the AMLD requires the Commission to update its report every two years (or more frequently if appropriate). The current exercise, slightly delayed by the effects of the COVID-19 pandemic, re-assesses all the sectors covered by previous exercises and, where circumstances have not changed, updates and fine-tunes the information included in the 2019 report. For those sectors or products where relevant changes have been detected, the assessment has also led to a re-calculation of the risk levels involved (e.g.: crypto-assets and online gambling, two sectors for which risk is higher now) 6 .

As with the previous reports, this third edition analyses the present ML/TF risks and proposes comprehensive action to address them. It also assesses the degree to which the Commission’s recommendations for mitigating measures in the 2019 report have been implemented and evaluates the remaining risks. It also benefits from the work and stakeholder consultation process that led to the adoption of the Commission’s Action Plan of 2020 7 and the legislative AML/CFT package proposed in 2021 8 .

The 2021 legislative package is part of the Commission’s commitment to protect the Union’s citizens and financial system from money laundering and terrorist financing. Its aim is to improve the detection of suspicious transactions and activities, and close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system. It is considered to be the backbone of the mitigating measures proposed and the way to address those problems that have been identified as having a structural nature and cannot be solely remedied by the previous reviews of EU rules in the AML/CFT area.

This report also prioritises risks and focuses on geographical factors where possible and relevant 9 , addressing the recommendations made in the 13/2021 special report of the European Court of Auditors 10 .

In preparing this report, the Commission has carried out a broad consultation exercise involving as many relevant stakeholders as possible 11 in the course of which it addressed various sectors through bilateral and sectoral dialogue with representative organisations at EU level, national-designated experts and academia. Due account has been taken of national risk assessments (NRAs) produced by the Member States and the most recent specialized AML/CFT publications. The Commission has also consulted other EU agencies and national authorities, such as Europol, the European Bank Authority (EBA), and Financial Intelligence Units (FIUs) through the EU FIU Platform 12 . These consultations have taken place between 2020 and 2022.

1.1.The impact of the COVID-19 pandemic

The COVID-19 crisis has led to unprecedented global challenges and economic disruption. Since the World Health Organisation (WHO) declared the COVID-19 outbreak as an international pandemic in March 2020, governments around the world have put in place various measures in response to the pandemic. These include stimulus funds, social assistance and tax relief initiatives, but also different forms of lockdown and confinement measures, such as curfews, closure of schools and of retail and hospitality outlets, border closures and travel restrictions. The unprecedented changes in individuals’ behaviour, prevailing uncertainty and fear, and governmental restrictions have triggered shifts in criminal behaviour. Criminals have also taken advantage of public support programmes.

The new circumstances have enhanced the money laundering risk in many economic sectors and business activities. These risks include:

·misappropriation and fraud on funds granted as financial measures to protect national economies from the impact of the pandemic, or other public funds granted in the context of the pandemic;

·taking over of businesses facing financial difficulties by ill-intentioned actors and criminal organisations;

·increased opportunities for criminal groups to obtain revenues from selling unauthorised medical devices and illicit pharmaceuticals and vaccines, including to governments;

·cybercrimes committed by taking advantage of the increasing volume of on-line purchases, including through the use of fraudulent identities; and

·corruption of civil servants when taking urgent measures, e.g. ordering specific medical supplies, and related simplification of procurement rules 13 .

Public authorities within the anti-money laundering system, e.g. supervisors, FIUs and law enforcement authorities, had to adapt to new modalities for conducting their activities, restricting mobility and personal interaction. These included limited or halted on-site checks, interviews, and law enforcement missions in other countries for assessing cross-border operations. This may have reduced the capacity to conduct functions effectively in some areas. New investigative tools and practices have been introduced, e.g. on-line interviews and examinations, which limited the impact of the governmental measures on the supervisory and investigative capacity of the competent authorities.

More than two years from the declaration of the pandemic, these phenomena can still be observed, although their impact is now more limited due to greater awareness of these criminal threats, while citizens have largely resumed their pre-outbreak behaviour. Nevertheless, criminals will adjust the modi operandi they employ. In the meantime, criminal structures operating in the EU may still benefit from the changes introduced by the pandemic and could enhance their capacity.

1.2.The Russian war of aggression against Ukraine

Since March 2014, the EU has progressively imposed restrictive measures (sanctions) against Russia, initially in response to the illegal annexation of Crimea and Sevastopol and the deliberate destabilisation of Ukraine. On 23 February 2022, the EU expanded the sanctions in response to the recognition of the non-government controlled areas of the Donetsk and Luhansk oblasts of Ukraine and the ordering of Russian armed forces into those areas. Since 24 February 2022, in response to Russia’s military aggression against Ukraine, the EU massively expanded the sanctions 14 . It added a significant number of persons and entities to the sanctions list and adopted unprecedented measures with the aim of significantly weakening Russia’s economic base, depriving it of critical technologies and markets, and significantly curtailing its ability to wage war.

In parallel, the EU sanctions regime concerning Belarus 15 has been expanded in response to that country’s involvement in Russia’s aggression against Ukraine and in addition to the sanctions already in place. This sanctions regime consists of an array of financial, economic and trade measures 16 .

In order to ensure the effective implementation of EU asset freezing measures against persons and entities linked to the Russian aggression, the Commission set up the ‘Seize and Freeze’ Task Force. The aim of the Task Force is to coordinate actions taken by Union bodies and national authorities and to address any challenges in the implementation of EU sanctions. The Task Force is already delivering significant results: Member States have frozen assets amounting to almost EUR 10 billion, which amounts to EUR 32 billion when including the funds of the Russian Central Bank. The overall impact of the sanctions is already being felt in the Russian economy 17 . The Task Force also aims at facilitating the exchanges among law enforcement authorities regarding investigations and confiscation measures taken in relation to potential crimes linked to the persons subject to sanctions (including on the circumvention of such sanctions). The Task Force is also exploring options for using confiscated assets for the benefit of the Ukrainian people.

The Commission Recommendation of 28 March 2022 18 on immediate steps in the context of the Russian invasion of Ukraine in relation to investor citizenship schemes and investor residence schemes urges Member States to reassess naturalisations and residence permits granted under such schemes to Russian and Belarusian, to make sure that they are not part of the EU’s list of sanctions in connection to the war in Ukraine. The Commission also recommended suspending the issuance of residence permits under investor residence schemes to all Russian and Belarusian nationals.

According to a recent study carried out through the use of the DATACROS tool funded by the Internal Security Fund-Police 19 , there are almost 31 000 firms in Europe (among which real estate, construction, hotels, and the financial and energy sector prevail) with Russian beneficial owners 20 . 1 400 of them have ownership (up to 5%) held by 33 individuals subject to recent sanctions – the so-called oligarchs. Some oligarchs may obfuscate their ownership or control of firms through intermediate companies registered in non-EU countries 21 or local nominee shareholders.

In fact, a number of these firms already presented high-risk indicators before sanctions were issued: appearing in the Offshore Leaks database 22 , unjustified corporate complexity, use of opaque legal arrangements or connections with high risk jurisdictions. This means that these firms could (and should) have raised alerts among competent and supervisory authorities before the recent events.

Against this background, the objective of the EU AML/CFT framework to protect the integrity of the EU financial system contributes to protecting freedom, justice and security in Europe as a whole. Proper implementation of the EU assets freeze restrictive measures 23 also requires the effective enforcement of beneficial ownership rules (i.e., transparency of business registries and of the corporate domain); the further development of interconnections between different registers (beneficial ownership registers, company/business registers, land registers); smoother inter-agency cooperation and exchange of information, and the adequate detection and supervision of assets hidden from tax authorities 24 . Empty shell companies can be created with relative ease, therefore they continue to be used to transit hundreds of millions of euros through opaque transactions 25 . By utilising shell companies, criminals can conceal the origin and destination of funds, in addition to obscuring the real beneficiary of the operation. These funds can be used for mere personal gain as well as for the destabilisation of entire countries. Thus, shining a light on dirty money flows not only contributes to defending democracy and the safety of EU citizens, but it also helps countering the influence of autocracies.

The discussions in the framework of the ‘Freeze and Seize’ Task Force underline the difficulties in identifying the assets controlled by oligarchs as beneficial owners, often hidden behind complex legal structures across different jurisdictions. This is a major challenge for the enforcement of sanctions and for law enforcement investigative activities. Therefore, it is of outmost importance to ensure swift progress in the negotiations of the Anti-Money Laundering package so as to ensure beneficial ownership information is available to competent authorities. Moreover, given the importance of the registers in ensuring the effective implementation of targeted financial sanctions, it is important that Member States anticipate to the extent possible the adoption of the measures proposed therein to ensure that beneficial ownership registers are sufficiently populated.

2.Outcomes of the Supranational Risk Assessment

In this third edition of the SNRA, the Commission analyses the money laundering and terrorist financing risks that 43 products and services, grouped within eight categories, may pose for the EU internal market. These products and services are those identified by the AMLD 26 along with several others relevant for the risk assessment in light of their perceived intrinsic risk 27 .

These 43 products and activities were already assessed in the second (2019) SNRA edition 28 , which in turn constituted an updated and upgraded version of the Commission’s first (2017) report 29 . They are grouped as follows:

(1)Cash-related products and services (cash couriers, cash intensive business, high value banknotes, payments in cash and privately owned ATMs).

(2)Financial sector (deposit on accounts, retail and institutional investment sector, corporate banking, private banking, crowdfunding, currency exchange, e-money, transfers of funds, illegal transfers of funds, payment services, virtual currencies and other virtual assets, business loans, consumer credit and low-value loans, mortgage credits and high-value asset-backed credits, insurance (life and non-life) and safe custody services).

(3)Non-financial products and services (legal arrangements, high value goods, high value assets, couriers in precious metals and stones, real estate, services provided by accountants and legal services).

(4)Gambling sector.

(5)Non-profit organisations.

(6)Professional sports (professional football).

(7)Free zones.

(8)Investor citizenship schemes and investor residence schemes.

They have been reviewed in the light of the revised Union AML/CFT legal framework and, where relevant, the effects of the COVID-19 pandemic and the sanctions against Russia and Belarus. Where circumstances have not changed, the descriptions and the assessments of the products and services analysed in the 2019 report have not been fundamentally modified.

Thus, this assessment updates the information in the 2019 report, fine-tuning and streamlining several areas (such as virtual currencies and assets and the analysis of the financial sector and non-financial products), and revises figures and information sources.

2.1.Main risks in the sectors covered by the supranational risk assessment

2.1.1.Cash and cash-like assets

Although retail transactions in cash have declined, the demand for euro banknotes appears to have increased, in a trend referred to as the “paradox of banknotes”, which shows that cash is still a popular store of value even in the wake of the COVID-19 pandemic 30 . In spite of the changing face of criminality, the criminal economy remains overwhelmingly cash-based, which exposes the EU to significant ML/TF risks due to the anonymity and relative ease of movement associated with cash and cash-like assets. Criminals seek to move cash proceeds to locations where use or placement into the financial system is easier, typically in places where there is a predominant use of cash or weak supervision of the financial system. Cash may be further converted to anonymous assets like pre-paid cards, which are not currently subject to controls at borders 31 . Reporting is very low, possibly in view of the difficulty of detecting cash transactions. The emergence of privately-owned cash machines (ATMs) increases the opportunities for criminal organisations to place their proceedings into the financial system undetected.

The current legal framework in the EU has greatly hindered opportunities for introducing large sums of illicitly generated cash into the financial system. The Cash Controls Regulation 32 , which entered into application in June 2021, increases the scope of cash controls at the EU’s border and enhances authorities’ powers.

Currently, 19 Member States have implemented or are in the process of introducing limitations to cash payments, but diverging frameworks distort competition and may lead to relocation of business to Member States with less rigid requirements. The Commission’s Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing 33 referred to the introduction of ceilings for large cash payments as a potential means for mitigating ML/TF risks. To this effect, the Commission’s proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing 34 includes a limit on large cash payments.

2.1.2.Financial sector

As with the previous reports, this SNRA covers within this category a number of products and sectors (17 in total) that provide financial services to commercial and retail customers. This chapter comprises a broad range of industries, including the banking sector, investment, insurance, crowdfunding, e-money, transfer of funds (legal or otherwise), crypto-assets, and payment services.

Most of the threats and vulnerabilities identified have already been highlighted in the previous SNRAs and continue to be relevant. Within the financial sector, lack of clear and consistent rules, inconsistent AML/CFT supervision across the internal market, and insufficient coordination and exchange of information among FIUs, continue affecting the EU’s ability to correctly address ML/TF risks 35 . In addition, AML/CFT competent authorities in the Member States often appear to find it difficult to supervise the sector in line with a risk-based approach 36 .

In line with the Opinion of the European Banking Authority of March 2021 37 , this SNRA considers that credit and payment institutions, bureaux de change, e-money institutions and credit providers (other than credit institutions) appear to be most vulnerable to risks arising from weaknesses in AML/CFT systems and controls 38 .

Risks associated with crypto-assets call for ensuring not only a high level of consumer and investor protection and market integrity, but also for measures against market manipulation and to prevent ML/TF activities 39 . Financial stability and monetary policy risks that could arise from a wide use of crypto-assets and Distributed Ledger Technology (DLT) based solutions in financial markets must also be addressed 40 .

The features and nature of investment funds make them vulnerable to laundering of proceeds derived from fraud, tax crimes, corruption, and bribery 41 . The risk is further driven by the sector’s exposure to high-risk clients, as well as the high volume, complexity and cross-border nature of transactions. In an industry holding significant value under management, transparency of beneficial ownership is still sub-optimal.

2.1.3.Non-financial sector and products

Under this chapter, the SNRA assesses legal structures under a new approach, departing from previous reports. It focuses now on the main vulnerabilities linked to the concealment of beneficial ownership (trusts, nominees and companies) and no longer on specific moments of the existence of legal entities and legal arrangements (creation, business activity, and termination). It also considers the high-value goods market, investment in real estate and services provided by accountants, auditors, advisors, and tax advisors as well as legal services from notaries and other independent legal professionals.

2.1.3.1. Non-financial sector and products – Legal entities and arrangements

Criminals may devise complex structures involving companies and legal entities to obscure financial audit trails, often including the use of shell and front companies. The use of such legal structures disguises the movement of illicit proceeds as legitimate business transactions. Trusts and similar arrangements provide opacity and hide the existence of assets from law enforcement authorities and asset recovery offices. A lack of cooperation and information-sharing between authorities in different jurisdictions create areas of weaknesses that are easily exploitable by criminals seeking out jurisdictions where AML controls are less effective.

Complementary to such structures, the services provided by nominee directors and shareholders may be exploited for the purposes of obscuring beneficial ownership. For example, criminals and persons barred from taking on certain positions in business seek the services of formal nominees to conceal their identities, circumvent bans, and remain hidden from company documents and registries.

2.1.3.2. Non-financial sector and products – High value goods

High value goods, including arts, antiquities, and precious metals and stones, are commodities that permit the transfer of value. For criminals, this means that illicit proceeds may be converted into high value assets that can be moved across borders and stored with relative ease and little regulatory scrutiny. The value of assets such as arts and antiques is often subjective and challenging to verify or compare. Therefore, inexpensive pieces of art may be sold to accomplices at a highly inflated price, producing an invoice that legitimises the transfer of funds.

Links between the antiquities trade and drug, wildlife and arms trafficking, money laundering and tax crime and the financing of war machines and terror organisations have been widely reported, which puts antiquities trafficking on the level of serious transnational organised crime 42 . As announced in the EU Strategy to tackle Organised Crime 2021-2025 43 , the Commission will at the end of 2022 adopt its action plan on trafficking in cultural goods, setting out a comprehensive policy approach to disrupt this form of crime and to protect cultural goods from harm from criminal activities.

2.1.3.3. Non-financial sector and products – Service providers

Service provider companies 44 remain at risk of infiltration or ownership by organised crime groups to launder illicit proceeds. Perpetrators may take advantage of their advisory services and specialised knowledge on the creation and management of structures, as well as their ability to provide documentation and assurances in relation to business activities. The respectability associated with certain professions makes them attractive targets for launderers, as does their use of client accounts. Professionals may be involved unwittingly, but may also be complicit with criminals or wilfully negligent in complying with their AML/CFT obligations.

The exposure to risk is driven by the involvement of such professionals in the management of complex legal situations and of companies and legal arrangements, including shell and offshore companies.

Disparities in the application of risk-based supervision of some sectors across Member States, particularly when conducted by self-regulatory bodies, impact effective prevention and the ability to detect misuse. The low number of suspicious transaction or activity reports (STRs or SARs) from most Designated Non-Financial Businesses and Professions (DNFBPs) 45 across Member States indicates that suspicions are not being effectively detected and reported.

The real estate sector is also significantly exposed to money laundering risks and particularly vulnerable for tax crime purposes. A Commission study estimated that EUR 1.4 trillion is held in offshore real estate by EU residents 46 . Complex financing methods, intermediation and the use of corporate vehicles pose challenges to the identification of beneficial ownership. Studies by FATF and Egmont Group provide examples of the complexity of the schemes put in place to conceal the source of funds 47 .

As National Risk Assessments indicate, service providers benefit the most from awareness-raising activities, training and enhanced supervision.

2.1.4.Common features to the financial and non-financial (legal entities and arrangements) sectors

Beneficial ownership weakness continues to remain a considerable threat to the financial system. Anonymity remains a critical vulnerability in the international financial system, with banks, regulators, and law enforcement authorities unable to quickly ascertain the true owners of companies. Collective investment undertakings are similarly at risk, as the identity of end investors is not usually transparent, and the use of omnibus accounts 48 further complicates the exchange of information among intermediaries.

In the non-financial sector, legal entities and arrangements are valued by criminals for their ability to enhance anonymity and conceal the identity of beneficial owners, as well as a means to carry out their illicit activities, for example by facilitating logistics or transport of illicit goods.

Thus, transparency of beneficial ownership appears as a crucial element in both areas. The key to addressing anonymity-related risks lies in those initiatives adopted in recent years at global level and in particular in the EU, a frontrunner in this respect, to boost the transparency of firms and prevent their misuse by criminals. The establishment of beneficial ownership registers 49 and the increase of company transparency 50 are just a few examples of ongoing efforts in the fight against the use of shell companies. In addition to knowing who actually controls a firm, lifting the veil on how firms are controlled produces investigative leads and orients risk assessment, boosting early detection of risks, and allowing the understanding of hidden patterns which would not be visible with a traditional approach.

2.1.5.Gambling sector

The gambling sector is characterised by fast economic growth and technological development, with a strong growth of the online sector during and after the COVID-19 pandemic. In this regard, a number of competent authorities reported that risks arising from online gambling have increased further since the publication of the last SNRA in 2019.

For the first time this assessment considers exchangeable tokens used in video games as assimilated to crypto-assets 51 . Therefore, their threat assessment should follow the same regime.

Casinos, for their part, present an inherently high-risk exposure, but their inclusion in the AML/CFT framework since 2005 has had a mitigating effect. Lotteries and gaming machines (outside casinos) present a moderate level of ML/TF risk. For the former, certain controls are in place, in particular to address the risks associated with high winnings. Land-based bingo is seen as presenting a low level of ML/TF risk due to the relatively low stakes and winnings involved.

2.1.6.Collection and transfer of funds through Non-Profit Organisations (NPOs)

This report covers the categories of non-profit organisations set out in the Recommendation of the Financial Action Task Force 52 . This risk scenario relates to the collection and transfer of funds by NPOs within the internal market, as well as to the collection of funds for transfer to and from third countries.

The heterogeneity of the NPO sector and sub-sectors presents a challenge to the assessment of risks. The nature and level of both money laundering and terrorism financing risks may vary depending on the funding sources, disbursement methods and channels, and the beneficiaries of funds. NPOs providing humanitarian aid tend to operate in areas of conflict or crisis, where at times armed groups or individuals designated as terrorists may be present. De-risking by financial institutions places NPOs at risk of financial exclusion, and the difficulty of accessing formal banking channels further increases the risk 53 .

NPOs have become more aware of the risks they face, with an increase in investment in compliance and audit functions being noted among well-established NPOs. There exists room for more collaboration and outreach by Member States to the financial sector to facilitate access by NPOs to regulated channels.

Almost all Member States have in place some form of supervision, whether through NPO regulatory bodies, tax authorities, or other types of supervisory authorities. Due diligence procedures for registration and access to financial services have become more stringent, potentially making NPOs less attractive for terrorism financing purposes.

2.1.7.Professional sports

Like many other businesses, sport has been used by criminals to launder money and derive illegal income. Football, being by far the most popular sport in the world, is an obvious candidate. As in the art world, criminals in the sports world are not always motivated by economic gain. Social prestige, association with celebrities, and the prospect of dealing with authority figures may also attract criminal investment.

The COVID-19 pandemic has had a devastating effect on club finances, resulting in several growing trends which could put the sector at greater risk. Due to insufficient resources and training, this sector is still vulnerable to money laundering and, to a far lesser extent, terrorist financing. The sector’s own legal framework has increased the checks applied, however that framework alone is inadequate. Transparency at all levels, from player transfers to club ownership, is essential for reducing this sector’s risk level.

2.1.8.Free trade zones

Free trade zones continue being regarded as presenting high money laundering and terrorist financing risks as they offer a number of advantages from a customs and taxation perspective. This may make them more likely to facilitate predicate offences or abuse. Although the risks assessed are applicable to all free zones and, to a lesser extent, customs warehouses, they are exacerbated in the case of high–value goods held in free ports. Pointing at the rapid growth in the high-end of the art market and the physical expansion of luxury storage spaces, a research paper suggests that luxury free ports are establishing themselves as new players in the global system of tax avoidance and crime 54 .

In addition, free trade zones continue to pose a counterfeiting threat, as they allow counterfeiters to land consignments, adapt or otherwise tamper with loads or associated paperwork and then re-export the products without customs intervention, and thus disguise the true origin and nature of the goods, and the identity of the original supplier.

There is room to improve the regulation of EU free zones. The Commission’s proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, adopted in July 2021, clarifies the scope of the entities covered 55 . The Commission is currently undertaking an evaluation of EU free zones. Among other analyses, this evaluation assesses the benefits and costs of free zones, including the risk of possible misuse, both in the customs and taxation area.

2.1.9.Investor citizenship and investor residence schemes

Investor citizenship and residence schemes aim to attract investment in a country by granting citizenship or residence rights in exchange for pre-determined payments or investments in the country concerned. Such schemes are attractive as they facilitate travel and conduct of business, but can be subject to misuse for the purposes of money laundering, tax crime and corruption and may also raise security risks. A second citizenship may facilitate the movement of ill-gotten proceeds and the concealment of assets from competent authorities. Concerns may also arise on the lack of transparency and governance of the schemes.

In October 2020, the Commission took steps 56 with respect to the three Member States that operated investor citizenship schemes at that time, based on concerns that those Member States failed to fulfil their EU law obligations in relation to the principle of sincere cooperation 57 and the concept of citizenship of the Union 58 . The nature of EU citizenship, and the rights attached to it, imply that such schemes are not limited to the Member State that naturalises an investor, but affect all Member States and the EU as a whole. The Commission has explicitly stated that the granting of nationality, and by extension EU citizenship, in return for pre-determined payments or investments, and without any genuine link between the Member State concerned and the investor, undermines the integrity of EU citizenship as well as the principle of sincere cooperation 59 .

Only one Member State continues to operate an investor citizenship scheme 60 . The Commission pursued its infringement procedure against this Member State in April 2022 61 .

However, investor residence schemes are offered by 19 Member States.

The Commission’s proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing states that operators who are involved on behalf of third-country nationals in the context of investor residence schemes will be captured as obliged entities. Actors involved in investor citizenship schemes are not included in the proposal given the Commission’s concerns regarding their incompatibility with EU law 62 .

The risks of such schemes have recently been highlighted in the context of the Russian aggression against Ukraine, as nationals subject to sanctions or significantly supporting the war against Ukraine may have acquired EU citizenship or residence permits in Member States. As investor citizenship schemes are in breach of EU law, the Commission has urged Member States to immediately repeal investor citizenship schemes. It has also called on Member States to ensure that investor residence schemes are subject to rigorous checks 63 .

Furthermore, as part of the actions taken to address the risks of investor residence schemes, the Commission also adopted on 27 April 2022 a proposal to recast the Long-Term Residents Directive. The proposal includes, among other things, rules to prevent that third-country investors abusively acquire the EU long-term resident status. For this purpose, it includes a provision to strengthen checks on the residence requirement, with particular regard to applications for EU long-term resident status submitted by persons holding and/or having held a residence permit granted on the basis of any kind of investment in a Member State.

3.Mitigating measures

3.1.Mitigating measures under the 5th Anti-Money Laundering Directive

The 5th Anti-Money Laundering Directive, whose transposition deadline elapsed in January 2020 64 , has equipped the EU with tools allowing it to more effectively prevent its financial system from being used for ML/TF, in particular through:

·improving transparency through public beneficial ownership registers for companies, and publicly available registers for trusts and other legal arrangements;

·limiting anonymity offered by virtual currencies, wallet providers and pre-paid cards;

·broadening the criteria for the assessment of high-risk countries and improving the safeguards for financial transactions to and from such countries;

·requiring Member States to set up central bank account registries or retrieval systems;

·improving anti-money laundering supervisors’ cooperation and information exchange with each other and with prudential supervisors and the European Central Bank.

These measures are expected to further contribute to lowering risk levels in the concerned sectors and products. The Commission is reviewing compliance with the new provisions and will publish an implementation report in 2022.

3.2.EU mitigating measures already in place or in the pipeline

3.2.1.Legislative measures

Most legislative measures referred to in the two previous SNRAs have already been adopted, notably:

·the 5th Anti-Money Laundering Directive,

·the new Cash Controls Regulation 65 ,

·the Directive on Countering Money Laundering by Criminal Law 66 ,

·the Regulation on the introduction and the import of cultural goods 67 ,

·the Directive on access to financial and other information 68 ,

·the revision of the European Supervisory Authorities Regulations 69 ,

·the adoption of Directive (EU) 2019/2177 70 , which amends the Solvency II Directive, the MiFID II Directive and the 4th Anti-Money Laundering Directive, and

·the adoption of the 5th Capital Requirements Directive 71 , which removes the obstacles to cooperation between prudential and anti-money laundering/countering the financing of terrorism supervisors.

3.2.2.The legislative proposals

As mentioned under Section 1 (“Introduction”) above, on 20 July 2021, the Commission presented a package consisting of four legislative proposals to strengthen the EU AML/CFT provisions:

·A Regulation establishing a new EU AML/CFT Authority (“the AMLA Regulation”) 72 ;

·A Regulation on AML/CFT, containing directly-applicable rules, including in the areas of Customer Due Diligence and Beneficial Ownership (“the AML/CFT Regulation”) 73 ;

·A sixth Directive on AML/CFT (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AMLD as amended by the fifth AMLD), containing provisions that will be transposed into national law, such as rules on national supervisors and FIUs in Member States 74 ; and

·A revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets (Regulation 2015/847/EU) (“the Transfers of Funds Regulation”) 75 .

The proposed AML/CFT Regulation would constitute the central element of what is commonly referred to as an EU ’single rulebook‘ on AML/CFT. It would replace the minimum rules of the EU AML Directives currently in force with detailed and directly applicable provisions. The main issues addressed by the proposal include: the obligations imposed on entities required to prevent money laundering (‘obliged entities’); transparency of information regarding persons owning or controlling the customers of such entities; and the misuse of anonymous instrument (such as crypto-assets). The Regulation would thus extend the list of obliged entities to include all crypto-asset service providers – as recommended by the Financial Action Task Force (FATF) – and streamline beneficial ownership requirements across the EU. It would also restrict transactions in cash, setting at EUR 10 000 a maximum cap for accepting or making payments in cash by persons trading in goods or providing services. Moreover, it would harmonise the EU approach to third countries with strategic deficiencies in their AML/CFT regimes.

The Commission proposed to task the AML/CFT Authority with direct supervisory powers and should be operational in 2024. The Authority should start exercising its supervisory powers once the AMLD6 has been transposed and the new rules start to apply.

The legislative package is being discussed by the European Parliament and the Council, and the Commission is hopeful for a speedy legislative process.

3.2.3.Further supporting measures

The European Commission continues its work related to:

·Improving statistical data collection. Since January 2020 the Commission has, pursuant to Article 44 of the AMLD, been obliged to collect and subsequently report on national statistics on matters relevant to the effectiveness of the Member States’ systems to combat money laundering and terrorist financing. A methodology to collect and estimate quantitative volumes of money laundering is also to be developed.

·Training for professionals carrying out activities covered by ‘legal privilege’. The Commission has been providing guidance and practical insights to help them recognise possible ML/TF operations and how to proceed in such cases. An EU funded project for training of lawyers has taken place between 2020 and 2022 76 .

·Raising public awareness about ML/TF risks.

·Further monitoring of currency counterfeiting and its possible links to money laundering. The Pericles IV programme 77 funds staff exchanges, seminars, trainings and studies for law enforcement and judicial authorities, banks and others involved in combating euro-counterfeiting. Actions can take place in the euro area, in EU countries outside the euro area and in third countries.

4.Recommendations and follow-up

Having assessed the risks in light of the updated legal framework and the proposals presented in its legislative package, the Commission considers that a series of other mitigating measures should be taken at EU and Member State level, taking into account:

·ML/TF risk levels;

·the need to take action at EU level or to recommend that Member States take action (subsidiarity);

·the need for regulatory or non-regulatory measures (proportionality); and

·the impact on privacy and fundamental rights.

The Commission has also taken into account the need to avoid any abuse or misinterpretation of its recommendations that would result in de-risking, i.e.: the exclusion of entire classes of customers and the termination of customer relationships, without taking full and proper account of the level of risk in a particular sector. This can leave customers without access to the financial system. As highlighted by the EBA, de-risking can be a legitimate risk management tool in some cases but it can also be a sign of ineffective money laundering and terrorist financing risk management, with severe consequences 78 .

The following sections thus make recommendations at both EU and Member State level while also following up on the progress made to address the recommendations set out in previous SNRAs.

4.1.Recommendations to the European Supervisory Authorities (ESAs)

4.1.1.The European Commission’s ‘call for advice on defining the scope of application and the enacting terms of a regulation to be adopted in the field of preventing anti‐money laundering and terrorist financing’

In March 2020, the Commission services requested advice from the EBA on the areas where AML/CFT rules could be strengthened. The EBA provided its opinion on 10 September 2020 79 .

The EBA recommended that the Commission proposes harmonizing aspects of the current EU AML/CFT framework where divergence of national rules has resulted in significant adverse impact, such as customer due diligence measures, internal control systems, supervisory risk assessments, cooperation and enforcement. The EBA further suggested that the EU strengthen aspects of its legal framework where vulnerabilities are detected, specifically with reference to the powers of AML/CFT supervisors and reporting requirements.

The EBA recommended that the list of obliged entities be expanded and clarified, in particular with regard to crypto-asset service providers, investment firms and investment funds. It also suggested clarifying provisions in sectoral financial services legislation (notably payment services, financial services and deposit guarantee schemes) to ensure they are compatible with the EU’s AML/CFT objectives.

This input has been integrated throughout the Commission’s legislative proposals.

4.1.2.Follow-up to the 2019 Supranational Risk Assessment Recommendations

In the 2019 report, the Commission recommended that the European Supervisory Authorities should:

·provide updated guidelines on internal governance so as to further clarify expectations around the functions of compliance officers in financial institutions;

As a result, the EBA has developed guidelines on the role and responsibilities of the AML/CFT compliance officer 80 . These guidelines specify the role, tasks and responsibilities of AML/CFT compliance officers and the management body and how they interact, including at group level. They apply to all financial sector operators that are within the scope of the AML Directive.

4.2.Recommendations to non-financial supervisors

This assessment has found that the threats and vulnerabilities previously detected in the non-financial area are still largely applicable. Thus, the Commission reiterates the recommendations of the previous SNRA for self-regulatory bodies, notably to carry out more thematic inspections, raise the level of reporting, and continue to organise training schemes to develop understanding of AML/CFT risks and compliance obligations.

4.3.Recommendations to Member States (national authorities and/or national supervisors)

4.3.1.Follow-up to the 2019 Supranational Risk Assessment Recommendations

Under Article 6(4) of the Anti-Money Laundering Directive, if Member States decide not to apply any of the recommendations, they should notify the Commission of their decision and provide a justification for it (‘comply or explain’). To date, no Member State has made such a notification to the Commission as concerns the 2019 recommendations.

It is important to note that the legal obligations of the 5th Anti-Money Laundering Directive supersede, either totally or in part, previous recommendations, in particular as regards increased transparency of beneficial ownership, reduced thresholds for customer due diligence in some sectors, or extending the list of obliged entities.

The following section details several aspects fundamental to the Commission recommendations.

(1)Scope of national risk assessments

Previous reports identified cash intensive businesses and payment in cash, the NPO sector and electronic money products as areas to which Member States should give due consideration in their national risk assessments and for which they should define appropriate mitigating measures.

For this exercise the Commission has to date received the most recent national risk assessments from 25 Member States 81 . The remaining Member States are encouraged to urgently submit them following this recommendation.

This report reminds the national authorities of their obligation to keep their risk assessment up to date. This report also maintains the 2019 recommendation and calls on all Member States to ensure that their national risk assessments cover the risks associated with the mentioned products and sectors and to provide for the appropriate mitigating measures.

(2)Beneficial ownership

A high level of transparency of beneficial ownership information is crucial in combating the misuse of legal entities. Public access to this information can allow greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of the financial system. Confidence in financial markets from investors and the general public depends in part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of companies.

For these reasons the 2019 report maintained the 2017 recommendation to Member States that the information on the beneficial ownership of legal entities and legal arrangements should be adequate, accurate and up to date. In particular, tools should be developed to ensure that the identification of beneficial ownership is done when applying customer due diligence measures and that the sectors most exposed to risks from opaque beneficial ownership schemes are effectively monitored and supervised.

As long as public registers are not fully implemented and difficulties in accessing information persist, the flow of dirty money remains a real risk for the EU as a whole. Consequently, this report maintains the 2019 recommendation and encourages Member States to fully implement the provisions set out in the Anti-Money Laundering Directive related to beneficial ownership registers.

The Commission is currently assessing the implementation of national beneficial ownership registers through dedicated questionnaires in the context of its horizontal assessment of the implementation of AMLD5 and follows attentively the developments of this key element of the EU AML/CFT legal framework 82 .

Moreover, in view of the Russian aggression to Ukraine, Member States should anticipate to the extent possible the adoption of the measures proposed in the Anti-Money Laundering package to ensure that beneficial ownership registers contain comprehensive information.

(3)Appropriate resources for AML/CFT supervisors and FIUs

Article 32 of the AMLD requires Member States to provide their FIUs with adequate financial, human and technical resources in order to fulfil their tasks. However, the report on the assessment of recent alleged money laundering cases involving EU credit institutions already showed that many supervisors were critically understaffed. EBA’s report on money laundering and terrorist financing risks affecting the EU’s financial sector has also highlighted this deficiency 83 .

This report maintains the recommendation that Member States further intensify their efforts in this area and demonstrate that AML/CFT supervisors can fully carry out their tasks.

(4)Increased on-site inspections by supervisors

The 2019 report maintained the 2017 recommendation to Member States to conduct a sufficient number of on-site inspections with regard to both the financial and the non-financial sector.

Marked differences continue to exist among Member States; several indicated in their national risk assessments that they conduct regular thematic supervisory inspections, while others reported that they carry out a general risk assessment.

With regard to the financial sector, FIUs, supervisors and other AML/CFT competent authorities should continue to conduct on-site inspections that are commensurate, in terms of frequency and intensity, to the identified ML/TF risks. These must focus on specific operational ML/TF risks, depending on the specific vulnerabilities inherent to a product or service. In particular:

·The EBA’s Opinion on ML/TF risks shows that credit institutions receive the most coverage in terms of supervisory activities. This report also considers it necessary for competent authorities to monitor closely the management of ML/TF risk by credit institutions and if necessary, strengthen their supervisory efforts with more intrusive supervision of those firms that present the most significant ML/TF risks.

·Controls in the sector of payment institutions, which present significant inherent risks, are still rated as poor or very poor 84 . This report, in line with the EBA’s Opinion, recommends enhanced on-site supervision of the sector.

·As regards e-money institutions, full-scope on-site inspections may not be necessary in every case. Instead, for instance, on-site thematic reviews to ensure adequate supervisory coverage of a sufficiently large number of firms are recommended.

·Investment firms are also a sector for which several authorities indicated they did not carry out any off-site/on-site inspections in the period under review. Thus, it should be considered whether to increase the proportion of inspections carried out on-site in light of the identified risks.

For the non-financial sector, this report calls on Member States to ensure that their FIUs, supervisors (where they exist) and other AML/CFT competent authorities conduct sufficient unannounced spot-checks especially on high-value dealers, real-estate professionals and antique traders.

(5)FIUs, supervisors and other AML/CFT competent authorities to carry out thematic inspections

Previous reports recommended that supervisors develop a better understanding of the ML/TF risks to which a specific segment of the business is exposed to. The information received by the Commission shows this has happened only to a point. It is also worth mentioning that in certain sectors (e.g.: art and antiques) no specific supervisors exist.

In the currency exchange area (bureaux de change), competent authorities are advised to give due consideration to thematic inspections to develop a broad understanding of risks and the quality of risk mitigation efforts in the sector.

This report maintains the recommendation that Member States further ensure that FIUs, supervisors (where they exist) and other AML/CFT competent authorities carry out thematic inspections.

(6)A wider list of obliged entities

The 5th Anti-Money Laundering Directive extended the scope of the AML/CFT regime to: fiat-to-crypto companies and custodian wallet service providers; art traders (when the value of transactions or series of linked transactions amount to EUR 10 000 or more); those who provide similar services to auditors, external accountants and tax advisors as a principal business or professional activity; and estate agents who act as intermediaries in the letting of property where the monthly rent is equivalent to EUR 10 000 or more. A review of the national risk assessments and transpositions carried out by most Member States shows that this mitigating measure has generally been followed.

This report maintains the recommendation to pay close attention to professionals particularly at risk: estate agents, art and antiques dealers and specific traders in high-value goods if they accept cash payments above a certain threshold; virtual currency exchange platforms and wallet providers.

(7)An appropriate level of customer due diligence for occasional transactions

In the proposal for an AML/CFT Regulation, the Commission proposes that obliged entities should not be required to apply due diligence measures on customers carrying out occasional or linked transactions below a certain value, unless there is suspicion of money laundering or terrorist financing. Whereas the EUR 10 000 threshold applies to most occasional transactions, obliged entities which operate in sectors or carry out transactions that present a higher risk of money laundering and terrorist financing should be required to apply customer due diligence for transactions with lower thresholds.

Thus, this report maintains the 2019 recommendation to Member States to set out criteria that ensure that the customer due diligence rules applicable to business relationships are not circumvented.

(8)Appropriate level of customer due diligence for safe custody and similar services

In light of the rising trend detected as regards the use of these services by criminal organisations to hide the proceeds of crime, this report maintains the recommendation that Member States ensure an appropriate level of customer due diligence for safe custody and similar services.

(9)Regular cooperation between competent authorities and obliged entities

Previous reports recommended enhanced cooperation between competent authorities and obliged entities in order to simplify the detection of suspicious transactions, increase the number and the quality of the suspicious transactions reports, and provide guidance on risks, customer due diligence, and reporting requirements. Several sectors continue to stress the lack of feedback on their suspicious transactions reports as a problem, in particular: gambling, tax advisors, auditors, external accountants, notaries and other independent legal professionals and money or value transfer services.

This report recommends a close and ongoing cooperation among AML/CFT competent authorities, FIUs, law enforcement authorities, and the private sector. Public-Private-Partnerships (PPPs) have been established in some Member States to enhance cooperation and information exchange and to contribute to the improvement of reporting of suspicious transactions. Some PPPs also include the sharing of tactical information to support on-going investigations by law enforcement authorities. Through information sharing, obliged entities can further adjust their monitoring systems to reflect new typologies and risks.

(10)Special and ongoing training for obliged entities

Most Member States indicate that training has been provided as recommended, and guidance on AML/CFT obligations has been issued for different sectors.

This report maintains the recommendation to provide further training, especially with regard to obliged entities particularly at risk, as identified in this supranational risk assessment.

(11)Annual reporting from competent authorities/self-regulatory bodies on the AML/CFT activities of the obliged entities under their responsibilities

National risk assessments indicate that supervisory activity by self-regulatory bodies is still a recent activity, with divergent levels of compliance and, consequently, a lack of detailed statistics. The Commission’s proposal for an AML/CFT Regulation introduces provisions to facilitate obliged entities’ compliance with their reporting obligations and allow for a more effective functioning of the FIUs’ analytical activities and cooperation. Compared with the 5th Anti-money Laundering Directive, it increases consistency by ensuring that when supervision is performed by self-regulatory bodies, those self-regulatory bodies are subject to oversight by a public authority.

This report maintains the previous recommendation and encourages self-regulatory bodies to take on a more proactive role in AML/CFT supervision.

4.4.Risk analysis by product/service — specific recommendations

In addition to the above recommendations 85 , there is a need for the following product/sector-specific action 86 :

4.4.1.Cash and cash-like assets

·In their national risk assessments, Member States should take into account risks posed by high-value cash payments and cash-intensive businesses, and take appropriate mitigating measures.

4.4.2.Financial sector

·It is essential that Member States develop and improve their beneficial ownership registers to assist in carrying out robust customer due diligence checks.

·Member States should improve the monitoring and detection systems applicable to products which are more exposed to TF risks.

·Member States should continue to conduct thematic inspections, focusing on different areas depending on the sector/product. For on-site inspections in relevant companies in a particular sector, it is more efficient to select areas of risk than to conduct an overall inspection; this gives supervisors a clear picture of best practices and the most significant shortcomings.

·Provision of training and guidance on risk factors such as non-face-to-face business relationships or transactions, offshore professional intermediaries and customers, and complex or shell structures.

4.4.3.Non-financial sector and products — Designated non-financial businesses and professions

·Member States should ensure that competent authorities/self-regulatory bodies provide training and guidance on risk factors, with a specific focus on non-face to-face business relationships, offshore professional intermediaries and customers or jurisdictions, and complex or shell structures.

·Member States should ensure that self-regulatory bodies/competent authorities conduct thematic inspections on compliance with beneficial owner identification requirements.

·Competent authorities/self-regulatory bodies should provide Member States with annual reports on measures undertaken to assess the obliged entities’ compliance with their customer due diligence obligations, including beneficial owner requirements, suspicious transaction reports and internal controls.

·Member States should ensure that service providers offering advice to undertakings on capital structure, industrial strategy and related matters, and advice and services relating to mergers and the purchase of undertakings, comply with their beneficial owner obligations.

4.4.4.Gambling sector

·Competent authorities should put in place programmes to raise awareness among online gambling operators of the emerging risk factors that may affect the vulnerability of the sector, including the use of anonymous e-money and virtual currencies and the emergence of unauthorised online gambling operators. Feedback from FIUs on the quality of the suspicious transaction reports would improve the reporting and the use made of the information provided.

·In addition to training sessions, Member States should ensure adequate training focusing on appropriate risk assessments of relevant products/business models for staff, compliance officers and retailers.

4.4.5.Collection and transfers of funds through a non-profit organisation

·Member States should ensure that non-profit organisations are more involved in national risk assessments, especially as regards the possibility of de-risking by financial institutions.

·Member States should develop information and awareness-raising programmes on the risk of abuse of non-profit organisations and provide awareness-raising materials for them.

4.4.6.Professional football, free ports, investor citizenship and residence schemes

·Professional football – Member States should consider which actors should be covered by the obligation to report suspicious transactions and what requirements should apply to the control and registration of the origin of the account holders and the beneficiaries of funds.

·Free ports – Member States should implement independent, regular anti-money laundering audits of agreed free ports operators’ compliance functions and ensure adequate and consistent enforcement of the anti-money laundering procedures and oversight already enshrined in law.

·Investor citizenship and investor residence schemes – Member States should abolish investor citizenship schemes and thoroughly assess ML/TF risks in their investor residence schemes.

5.Conclusions

The Commission will continue to monitor the implementation of the recommendations of this supranational risk assessment and report again, in principle by 2024, in light of the changes that may be introduced to the current EU regulatory framework. The review will also assess how EU and national measures affect risk levels.

(1) FATF, National money laundering and terrorist financing risk assessment: https://www.fatf-gafi.org/documents/news/nationalmoneylaunderingandterroristfinancingriskassessment.html

(2) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (Text with EEA relevance); OJ L 141, 5.6.2015, p. 73–117.

(3)

Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (Text with EEA relevance); OJ L 156, 19.6.2018, p. 43–74.

(4) COM(2017) 340 final.

(5) COM(2019) 370 final.

(6) Procedure described in the Methodology chapter, Annex 2 of the accompanying Staff Working Document SWD(2022)344.

(7) Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing (2020/C 164/06); OJ C 164, 13.5.2020, p. 21–33.

(8) COM(2021) 423 final: https://ec.europa.eu/info/publications/210720-anti-money-laundering-countering-financing-terrorism_en

(9) For instance, in the assessments of Free Zones and Citizenship investment programmes and investor residence schemes.

(10) Court of Auditors, Special Report 13/2021 “EU efforts to fight money laundering in the banking sector are fragmented and implementation is insufficient”, 28.06.2021: https://www.eca.europa.eu/en/Pages/DocItem.aspx?did=58815 A detailed reference to this Special report can be found in the Methodology chapter, Annex 2 of the accompanying Staff Working Document.

(11) Stakeholders appear listed under point 8 of the in the Bibliography section, in Annex 5 of the accompanying Staff Working Document.

(12) The network of Financial Intelligence Units.

(13) As described by: http://www.fatf-gafi.org/publications/methodsandtrends/documents/covid-19-ml-tf.html https://www.fatf-gafi.org/media/fatf/documents/Update-COVID-19-Related-Money-Laundering-and-Terrorist-Financing-Risks.pdf https://www.europol.europa.eu/cms/sites/default/files/documents/pandemic_profiteering-how_criminals_exploit_the_covid-19_crisis.pdf

(14) Consolidated text: Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02014R0833-20220722

(15) Council Regulation (EU) 2022/398 of 9 March 2022 amending Regulation (EC) No 765/2006 concerning restrictive measures in view of the situation in Belarus and the involvement of Belarus in the Russian aggression against Ukraine; OJ L 82, 9.3.2022, p. 1–8.Council Decision (CFSP) 2022/399 of 9 March 2022 amending Decision 2012/642/CFSP concerning restrictive measures in view of the situation in Belarus and the involvement of Belarus in the Russian aggression against Ukraine; OJ L 82, 9.3.2022, p. 9–13.

(16) https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations/restrictive-measures-sanctions/sanctions-adopted-following-russias-military-aggression-against-ukraine_en

(17) https://www.bloomberg.com/news/articles/2022-09-05/russia-risks-bigger-longer-sanctions-hit-internal-report-warns

(18) C(2022) 2028 final.

(19) This analysis is part of TOM – The Ownership Monitor, a joint-initiative by Transcrime and its spin-off Crime&tech: https://www.transcrime.it/en/stories/tom-the-ownership-monitor/

(20) The TOM study’s criteria is where the designated individuals “control at least 5% of the share capital, directly or indirectly”.

(21) Main non-EU countries used for company registration are British Virgin Islands and the Cayman Islands – but they represent only about 2% of all intermediate links: “Inside the matrioska: the firms controlled by sanctioned ‘oligarchs’ across European regions and sectors”, Transcrime, March 2022.

(22) This database contains information on more than 810 000 offshore entities that are part of the Pandora Papers, Paradise Papers, Bahamas Leaks, Panama Papers and Offshore Leaks investigations. The data links to people and companies in more than 200 countries and territories: https://offshoreleaks.icij.org/

(23) Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine; OJ L 78, 17.3.2014, p. 6–15.

(24) In this regard, reference should be made to the Proposal for a COUNCIL DIRECTIVE laying down rules to prevent the misuse of shell entities for tax purposes and amending Directive 2011/16/EU; COM/2021/565 final.Also, The Commission and Member State tax authorities have set up a subgroup on tax enforcement in the ‘Freeze and Seize‘ Task Force to step up their efforts against sanctioned Russians and Belarusians individuals and companies, as well as their associates: https://taxation-customs.ec.europa.eu/news/state-tax-authorities-step-tax-enforcement-efforts-support-freeze-and-seize-task-force-2022-06-08_en

(25) Efforts are in the phase of being stepped up against using shell companies laying down rules in the Commissions proposed Council Directive to prevent the misuse of shell entities for tax purposes (COM/2021/565 final).

(26) Credit and financial institutions, money remitters, currency exchange offices, high value goods and assets dealers, estate agents, trust and company service providers, auditors, external accountants and tax advisors, notaries and other independent legal professionals, and gambling service providers.

(27) These other product and services are commonly covered by national risk assessments all over the world. They include the category of cash-related products, and also virtual currencies, crowdfunding and non-profit organisations. As with the previous (2019) SNRA certain informal means, such as those used by Hawala and other informal value transfer service providers, professional football, free ports, and investor citizenship and residence schemes have also been assessed.

(28) COM(2019) 370 final.

(29) COM(2017) 340 final.

(30) “The paradox of banknotes: understanding the demand for cash beyond transactional use”, ECB Economic Bulletin, Issue 2/2021. Also, “Cash still king in times of COVID-19”, Keynote speech by Fabio Panetta, Member of the Executive Board of the ECB, at the Deutsche Bundesbank’s 5th International Cash Conference – “Cash in times of turmoil”: https://www.ecb.europa.eu/press/key/date/2021/html/ecb.sp210615~05b32c4e55.en.html

(31) In Regulation 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005 OJ L 284, 12.11.2018, p. 6–21, ‘cash’, is defined as comprising four categories: currency, bearer-negotiable instruments, commodities used as highly-liquid stores of value and prepaid cards. For the moment prepaid cards are not covered. However, if there is strong evidence that prepaid cards are being used to transfer value across the EU borders circumventing the legislation then a delegated act might be adopted to include prepaid cards.

(32) Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005; OJ L 284, 12.11.2018, p. 6–21.

(33) Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing, C/2020/2800, OJ C 164, 13.5.2020, p. 21–33.

(34) COM(2021) 420 final.

(35) These structural problems are addressed by the 2021 AML/CFT Commission’s proposal: https://ec.europa.eu/info/publications/210720-anti-money-laundering-countering-financing-terrorism_en

(36)

This is in line with the EBA’s findings in its first report on competent authorities’ approaches to the AML/CFT supervision of banks which was published in 2020. There is a risk that, in the absence of adequate risk assessments, competent authorities may fail to identify, and act upon, ML/TF risks to which their sector is exposed.

(37) Opinion on risks of money laundering and terrorist financing (ML/TF) affecting the European Union’s financial sector; European Banking Authority (EBA), 3.3.2021, EBA/Op/2021/04: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2021/963685/Opinion%20on%20MLTF%20risks.pdf This is the third Opinion on the risks of ML/TF affecting the European Union’s financial sector. The EBA issued it as part of its new mandate to lead, coordinate and monitor the fight against ML/TF in the financial system at the EU level. The European Securities and Markets Authority (ESMA) and European Insurance and Occupational Pensions Authority (EIOPA) were closely involved in the process.

(38) In light of the evolution of cross-sectoral risks. These include risks associated with virtual currencies, new technologies (FinTech and RegTech), terrorist financing, risks arising from the withdrawal of the United Kingdom from the EU and de-risking. As explained in detail in chapter 3.1. of the EBA’s report.

(39)

Risks addressed by the Commission’s Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Markets in Crypto-assets, and amending Directive (EU) 2019/1937, COM/2020/593 final.

(40) Those Commission proposals addressing these issues are detailed in the relevant sections of the accompanying Staff Working Document.

(41) For a detailed explanation, consult in the Staff Working Document the sections assessing ‘Retail and institutional investment sector’ and ‘Nominees’.

(42) Refer, for all, to INTERPOL, RHIPTO, and the Global Initiative Against Transnational Organized Crime: World Atlas of illicit flows, 2018: https://www.interpol.int/ar/content/download/14080/file/World%20Atlas%20of%20Illicit%20Flows-1.pdf

(43) COM/2021/170 final.

(44) Professional companies offering services of accountants, auditors, advisors, and tax advisors as well as notaries and other independent legal professionals – as described in the relevant assessments in Annex 1 of the accompanying Staff Working Document.

(45) DNFBP stands for „Designated Non-Financial Business and Professions“(DNFBP). Certain types of „non-financial“ businesses, that have been identified as being susceptible to money laundering and terrorist financing due to the nature of their business and the transactions with activity that they may conduct.

(46) European Commission, Directorate-General for Taxation and Customs Union, Monitoring the amount of wealth hidden by individuals in international financial centres and impact of recent internationally agreed standards on tax transparency on the fight against tax evasion: final report, Publications Office, 2021: https://data.europa.eu/doi/10.2778/291262

(47) For instance, FAFT and Egmont Group, Concealment of Beneficial Ownership, p. 26, July 2018.

(48) An omnibus account allows for managed trades of more than one person, and allows for anonymity of the persons in the account.

(49) In transposition of Article 30 of Directive (EU) 2015/849.

(50) Directive (EU) 2019/1151 as regards the use of digital tools and processes in company law. The Commission is also preparing a new initiative in the context of company law aimed, among other things, to include ex ante checks on companies in all Member States.

(51) Money launderers may use the digital sale of these tokens in the same way they use physical sales. Illegal money may be used to purchase and then sell them, thus cleaning the dirty money. As an example: https://archive-yaleglobal.yale.edu/content/money-laundering-video-games-financial-times

(52) ‘A legal person or arrangement or organisation that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes, or for the carrying out of other types of “good works”: http://www.fatf-gafi.org/media/fatf/documents/reports/BPP-combating-abuse-non-profitorganisations.pdf

(53) Where a financial institution takes a decision to refuse to enter into, or to terminate, business relationships with individual customers or categories of customers associated with higher ML/TF risk, or to refuse to carry out higher ML/TF risk transactions, this is referred to as ‘de-risking’. According to the Opinion of the European Banking Authority on ‘de-risking’, EBA/Op/2022/01), de-risking can be a legitimate risk management tool, but it can also be a sign of ineffective ML/TF risk management, with possible severe consequences. EBA considers that its regulatory guidance on how to manage ML/TF risks, if applied correctly, should help avert unwarranted de-risking: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2022/Opinion%20on%20de-risking%20%28EBA-Op-2022-01%29/1025705/EBA%20Opinion%20and%20annexed%20report%20on%20de-risking.pdf

(54) https://www.taxobservatory.eu/repository/the-new-luxury-freeports-offshore-storage-tax-avoidance-and-invisible-art/

(55) The proposal aims to widen the scope of obliged entities who trade and store art to customs warehouses.

(56) On 20 October 2020 the European Commission launched infringement procedures against Cyprus and Malta by issuing letters of formal notice regarding their investor citizenship schemes. The Commission also wrote to Bulgaria about its investor citizenship scheme in October 2020.

(57) Article 4(3) TFEU.

(58) Article 20 TFEU.

(59) Report from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, ‘Investor citizenship and residence schemes in the EU’, 23.1.2019, COM(2019) 12 final: https://ec.europa.eu/info/files/report-commission-european-parliament-council-european-economic-and-social-committee-and-committee-regions-investor-citizenship-and-residence-schemes-european-union_en

(60) Malta. However, in March 2022 Malta temporarily suspended, until further notice, its scheme for Russian and Belarusian nationals. Bulgaria abolished its citizenship by investment programme in March 2022, which became effective in April 2022. Cyprus suspended its citizenship for investment scheme in 2020 and finished handling all pending applications in 2021.

(61) https://ec.europa.eu/commission/presscorner/detail/en/IP_22_2068

(62) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, 20.7.2021, COM(2021) 420 final.

(63) Commission Recommendation of 28.3.2022 on immediate steps in the context of the Russian invasion of Ukraine in relation to investor citizenship schemes and investor residence schemes; C(2022) 2028 final.

(64) At the moment of the preparation of this report all member States have reported full transposition.

(65) Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005, OJ L 284, 12.11.2018, p. 6–21.

(66) Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law, OJ L 284, 12.11.2018, p. 22–30.

(67) Regulation (EU) 2019/880 of the European Parliament and of the Council of 17 April 2019 on the introduction and the import of cultural goods; OJ L 151, 7.6.2019, p. 1–14.

(68) Directive (EU) 2019/1153 of the European Parliament and of the Council of 20 June 2019 laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA, OJ L 186, 11.7.2019, p. 122–137.

(69)

Regulation (EU) 2019/2175 of the European Parliament and of the Council of 18 December 2019 amending Regulation (EU) No 1093/2010 establishing a European Supervisory Authority (European Banking Authority), Regulation (EU) No 1094/2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), Regulation (EU) No 1095/2010 establishing a European Supervisory Authority (European Securities and Markets Authority), Regulation (EU) No 600/2014 on markets in financial instruments, Regulation (EU) 2016/1011 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds, and Regulation (EU) 2015/847 on information accompanying transfers of funds (Text with EEA relevance); OJ L 334, 27.12.2019, p. 1–145.

(70)

Directive (EU) 2019/2177 of the European Parliament and of the Council of 18 December 2019 amending Directive 2009/138/EC on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II), Directive 2014/65/EU on markets in financial instruments and Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money-laundering or terrorist financing (Text with EEA relevance); OJ L 334, 27.12.2019, p. 155–163.

(71)

Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures (Text with EEA relevance); OJ L 150, 7.6.2019, p. 253–295.

(72)

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) 1094/2010, (EU) 1095/2010, COM/2021/421 final.

(73) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, COM/2021/420 final.

(74)

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849, COM/2021/423 final.

(75)

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on information accompanying transfers of funds and certain crypto-assets (recast), COM/2021/422 final.

(76) Training manuals can be found here: https://ec.europa.eu/info/publications/aml-CFT-lawyers-training-manuals_en

(77) https://ec.europa.eu/info/business-economy-euro/euro-area/anti-counterfeiting/pericles-iv-programme_en

(78) In March 2021 The European Banking Authority (EBA) published three regulatory instruments to address de-risking practices based on evidence gathered in its call for input: https://www.eba.europa.eu/eba-takes-steps-address-%E2%80%98de-risking%E2%80%99-practices

(79) Opinion of the European Banking Authority on the future AML/CFT framework in the EU, EBA/OP/2020/14: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2020/931092/Opinion%20on%20the%20future%20AML%20CFT%20framework%20in%20the%20EU.pdf

(80) https://www.eba.europa.eu/eba-publishes-guidelines-role-and-responsibilities-amlcft-compliance-officer

(81) Portugal and Romania are yet to send their national risk assessments to the Commission. National risk assessments have also been received from Iceland, and Norway.

(82) In September 2020 the European Commission adopted a report assessing whether Member States have duly identified and made subject to the obligations of Directive (EU) 2015/849 all trusts and similar legal arrangements governed under their laws: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52020DC0560

(83) Consult pp. 19–20 of the Opinion.

(84) As stated by EBA’s Opinion under section 4.2.2, “Quality of controls”.

(85) Some recommendations are reiterated here in the context of specific sectors.

(86) For more details on the recommendations by product/service, see the accompanying Staff Working Document.