Report on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

Report on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

IMMC.SWD%282022%29344%20final.ENG.xhtml.2_EN_autre_document_travail_service_part1_v3.docx
EUROPEAN COMMISSION

Brussels, 27.10.2022

SWD(2022) 344 final

COMMISSION STAFF WORKING DOCUMENT

Accompanying the document

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL


on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

{COM(2022) 554 final}


Table of Contents

INTRODUCTION3

ANNEX 1 – RISK ANALYSIS BY PRODUCT/SECTOR5

I.CASH -RELATED PRODUCTS6

1. Cash couriers6

2. Cash intensive business14

3. High value banknotes22

4. Payments in cash27

5. Privately owned ATMs33

II.FINANCIAL SECTOR37

1. Retail banking sector (formerly “Deposits on accounts”) 37

2. Retail and Institutional investment sector (formerly “Institutional investment sector — Banking”) 43

3. Corporate banking sector48

4. Private banking sector51

5. Crowdfunding54

6. Currency exchange60

7. E-money65

8. Transfers of funds and money remittance (formerly “Transfers of funds”) 74

9. Illegal transfers of funds — Hawala81

10. Payment services86

11. Crypto-assets (formerly “Virtual currencies and other virtual assets”) 94

12. Business loans104

13. Consumer credit and low-value loans107

14. Mortgage credit and high-value asset-backed credits112

15. Life insurance116

16. Non-life insurance121

17. Safe custody services125

III.NON-FINANCIAL SECTOR129

1. Trusts129

2. Nominees138

3. Companies144

4. High value goods – artefacts and antiquities153

5. High value assets – Precious metals and precious stones164

6. High value assets – other than precious metals and stones171

7. Couriers in precious metals and stones175

8. Investment real estate179

9. Services provided by accountants, auditors, advisors, and tax advisors185

10. Legal services from notaries and other independent legal professionals194

IV.GAMBLING201

1. Betting203

2. Bingo209

3. Casinos212

4. Gaming machines (outside casinos) 217

5. Lotteries222

6. Poker 226

7. Online gambling230

V.NON-PROFIT ORGANISATIONS (NPO) 238

1.Collection and transfers of funds through a NPO238

VI.PROFESSIONAL SPORTS247

1.Investments in professional football and transfer agreements247

VII.FREE-TRADE ZONES256

1.Free Zones256

VIII.CITIZENSHIP-RESIDENCE265

1.Investor citizenship and residence schemes265

RISK MATRIX BY PRODUCT/SECTOR – Comparative table 2017-2019-2022 275

ANNEX 2 – METHODOLOGY277

ANNEX 3 – EU LEGAL FRAMEWORK 288

ANNEX 4 – GLOSSARY291

ANNEX 5 – BIBLIOGRAPHY294

1. INTRODUCTION

This Supra-National Risk Assessment (SNRA) follows the methodology 1 used for the 2017 and 2019 SNRAs, which provides a systematic analysis of the money laundering and terrorist financing risks linked to the methods used by perpetrators. The aim is to identify circumstances in which services and products in a given sector could be abused for money laundering (ML) or terrorist financing (TF) purposes, without passing judgement on the sector as a whole.

As with its previous editions, this SNRA focuses on vulnerabilities at EU level, in terms of both the legal framework and its effective application. It presents the main risks for the internal market in a wide range of sectors and the horizontal vulnerabilities that can affect those sectors.

This report sets out mitigating measures that should be taken at EU and national level to address the risks and makes a number of recommendations for the various actors concerned. It does not prejudge the mitigating measures that some Member States have taken or may decide to take in response to national ML/TF risks. The mitigating measures in this report should therefore be considered a baseline that can be adapted, depending on the national measures already in place.

Under Article 6(4) of Directive 2015/849 (‘the 4th Anti-Money Laundering Directive’) as modified by Directive 2018/843 (‘the 5th Anti-Money Laundering Directive’), hereby ‘the Anti-Money Laundering Directive’ or ‘the AMLD’, if Member States decide not to apply any of the previous SNRA recommendations, they should notify the Commission of their decision and provide a justification for it (‘comply or explain’). No such notification was received to date by the Commission.

Process followed for the 3rd edition of the Commission SNRA

The Commission has built this third edition of the SNRA updating the analysis and conclusions of its second edition as well as further consulting individual experts, private stakeholders (representative organizations at EU level) and national authorities. These consultations have taken place from 2020 to 2022.

The Commission also consulted other regulatory agencies and national authorities, such as Europol, the European supervisory authorities (ESAs) and the FIUs’ Platform (FIUnet) 2 .

The purpose of this consultation exercise was twofold: to follow up on the recommendations made in the 2019 SNRA and to update and further fine-tune its analysis and conclusions, mainly as regards quantitative data and perceived risk levels.

Finally, given the evolving nature of ML/TF threats and vulnerabilities, the SNRA takes an integrated approach to assessing the effectiveness of national AML/CFT arrangements.

In order to monitor their compliance with EU requirements, their implementation and their preventive capacity, the Commission assessment takes due account of national risk assessments (NRAs) produced by the Member States to ensure the proper identification and mitigation of specific national risks 3 .

Individual sectors are also assessed taking stock of their relevant risk factors, including those relating to specific customers, countries, products, services, transactions and delivery channels.

These three layers (supranational, national and sectoral) of risk assessment, along with risk mitigation, where appropriate feed into a comprehensive awareness and analysis of ML/TF risks in the EU in which different layers complement each other and are equally relevant.

The Commission draws on and complements national and sectoral assessments by assessing risks that affect the Union internal market and are related to cross border activities.

During this exercise Commission analysis has also benefited from the audit conducted by the European Court of Auditors (ECA) during 2019-2020. This audit has led to the adoption by the ECA of a special report 4 .

The conclusions of the ECA report as well as the methodology followed by the Commission in its SNRAs are further discussed under Annex 2 (“Methodology”).

The legal framework

The risk assessment needs to provide a snapshot of the money laundering and terrorist financing risks and requires a clear-cut timing. The assessment of risks affecting the EU was carried out at a time when the relevant legislative framework was the 4th Anti-money Laundering Directive as modified by the 5th Anti-Money Laundering Directive. Transposition deadline for the latter elapsed on January 20, 2020. At the time of drafting this report, all Member States save the Netherlands have declared a complete transposition.

While the main EU instrument is the Anti-money Laundering Directive, the Union’s anti- Money Laundering and Countering Terrorist Financing legal framework is complemented by other EU legislation. An indicative list is attached in Annex 3.

In addition, an index of abbreviations used in the risk analysis is attached in Annex 4 and a bibliography in Annex 5.

ANNEX 1 – RISK ANALYSIS BY PRODUCT/SECTOR

This SNRA has followed a specific methodology involving systematic analysis of the ML/TF risks linked to perpetrators’ methods. The aim is to identify the circumstances under which the services and products a given sector provides could be abused for ML/TF purposes (without passing judgment on a sector as a whole). Methodology is presented in detail in Annex 2.

It is based on Directive (EU) 2015/849 (4th Anti-money Laundering Directive) as modified by Directive (EU) 2018/843 (the AMLD).

Each risk is rated for threat and vulnerability. The ratings are on a scale from 1 to 4 and coloured for easy identification as follows:

1)low significance – value: 1,

2)moderately significant – value: 2,

3)significant – value: 3,

4)very significant – value: 4,

The ratings were used only to summarise the analysis. They should not be considered in isolation from the factual description of the risk.

The final (or residual) risk level is ultimately determined by combination between the threat versus vulnerability. The risk matrix determining this risk level is based on a weighting of 40% (threat) + 60% (vulnerability) – assuming that the vulnerability component has more capacity in determining the risk level.

The risk matrix:

T

h

r

e

a

t

Very significant

2,2

2,8

3,4

4

Significant

1,8

2,4

3

3,6

Moderately significant

1,4

2

2,6

3,2

Lowly significant

1

1,6

2,2

2,8

Lowly significant

Moderately significant

Significant

Very significant

Vulnerability

Then, the residual risk level is presented for every product/sector in a graded table:

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

CASH-RELATED PRODUCTS

1. Cash couriers

Product

Cash couriers / cross external border cash movements

Sector

This assessment covers the supranational risks – i.e. cash entering/leaving the European Union at the EU external borders.

Since 15 June 2007, movements of cash entering or leaving the EU had been governed by Regulation 1889/2005, which implements Recommendation 32 of FATF on cash couriers at EU level. That Regulation is an integral part of the EU’s Anti-Money Laundering and Terrorist Financing framework. As part of the European Agenda on Security and Action Plan for strengthening the fight against terrorist financing, the Commission adopted a proposal for a Cash Controls Regulation in December 2016. Regulation (EU) 2018/1672 5 was adopted in October 2018 and has entered into application on 3rd June 2021 (the new Cash Controls Regulation).

Regulation 1889/2005 established a uniform EU approach towards cash controls based on a mandatory declaration system. If a natural person entering or leaving the EU (including transiting) with cash of a value of EUR 10 000 or more, they should declare them to the relevant customs authorities. The EUR 10 000 threshold is considered high enough not to burden the majority of travellers and traders with disproportionate administrative formalities. However, when there were indications of illegal activities linked with movements of cash lower than EUR 10 000, the collecting and recording of information related to these movements was also authorised. This provision was introduced in order to limit the practice of ’smurfing‘ or ’structuring‘, the practice of deliberately carrying amounts lower than the threshold with the intention to escape the obligation to declare (e.g. splitting the amount between different connected persons from a same group/family).

In keeping with the latest developments in international standards on combating money laundering and terrorism financing developed by the FATF, the new Cash Controls Regulation has significantly beefed up controls both in terms of scope and in terms of authorities’ powers:

·In terms of scope, under the new Cash Controls Regulation, the definition of cash has been extended to cover not only currency and bearer negotiable instruments (e.g. cheques or money orders) but also commodities used as highlyliquid stores of value such as gold. Its scope was also extended to cover cash that is sent by post, freight or courier shipment;

·The new Cash Controls Regulation also provides for the obligation for any traveller entering or leaving the EU and carrying cash to a value of EUR 10 000 or more to declare it to the customs authorities. The declaration is required irrespective of whether travellers are carrying the cash in person, in their luggage or means of transport and the cash has to be made available for control;

·Moreover, where the cash is sent by other means (“unaccompanied cash”), the relevant authorities have the power to ask the sender or the recipient to make a disclosure declaration. The authorities are able to carry out controls on any consignments, packages or means of transport which may contain unaccompanied cash.

·The new Cash Controls Regulation enables Customs authorities to act on amounts lower than the threshold of EUR 10 000, where there are indications that cash is related to criminal activity.

In addition, the Regulation further enhances coordination of actions across authorities:

·The new Regulation improves the exchange of information between authorities (Customs and Financial Intelligence Units) and Member States 6 .

·In case where there are indications that cash is related to criminal activity which could adversely affect the financial interests of the EU, this information is also transmitted to the European Commission, the European Public Prosecutor’s Office and to Europol, where they are competent to act;

·The new Cash Controls Regulation provides in its Article 5(4) that the risk assessments produced by the Commission and by national Financial Intelligence Units (FIUs) will be taken into account when establishing the common risk management framework for performing controls.

The new Cash Controls Regulation does not prevent Member States from providing additional national controls on movements of cash within the Union under their national law, provided that these controls are in accordance with the Union’s fundamental freedoms.

Before the pandemic, per year on average there were around 110 000 cash cases, representing a total amount of around EUR 55 billion. Customs controls detected around 13 000 cases where cash was not declared or was incorrectly declared representing around EUR 364 million per year.

As of the second quarter of 2020, due to the pandemic, travel was severely disrupted and, consequently also the physical movement of cash resulting to lower values of cash controls declarations (and non- declared cash or incorrect declarations) than the previous years.

For 2020, there were almost 57 000 cash cases, representing a total amount of around EUR 37 billion. Customs controls detected almost 9 000 cases where cash was not declared or was incorrectly declared representing around EUR 245 million.

Description of the risk scenario

This risk scenario is intrinsically linked to use of/payment in cash and to high value denomination banknotes risk scenario 7 .

Criminals or terrorist financiers who generate/accumulate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where access to placement in the legal economy is easier. This includes locations characterised by a predominant use of cash, more lax supervision of the financial system or stronger bank secrecy regulations. Terrorists may also transfer rapidly and safely funds from one location to another, including by using cash concealed in air transit.

Cash couriers may use air, sea, road or rail transport to cross an EU external border. In addition, cash may be moved across external borders unaccompanied such as in containerised or other forms of cargo, or concealed in mail or post parcels. To move very large amounts of cash, perpetrators often conceal it in cargo that can be containerised or otherwise transported across borders.

Perpetrators may also use sophisticated concealment methods of cash within goods which are either carried across the external border by a courier or are sent by regular mail or post parcel services. Although unaccompanied consignments (except cargo) tend to be smaller than those secreted within vehicles, or on the person of cash couriers, the use of high denomination banknotes can still result in seizures of significant value.

On the other hand, the seizure of large amounts of cash within EU is also possible. It is not only important to control EU external borders, but also the intra-EU transportation of cash. This fact is relevant because of the different intra-EU rules that Member States have regarding the use of cash to, for instance, purchase goods, deposit in bank accounts, etc. Additionally, the external borders are not monitored with the same efficiency level. Criminals know that fact, and they try to cross the most permeable borders with cash, even if they have to drive thousands of kilometres within EU. National thresholds of intra-EU movements of cash exist in some Member States: in Spain, for instance, it is EUR 100 000 for internal travel and EUR 10 000 when crossing borders.

Example: Cash generated by criminal activities laundered by the purchase of high value goods and properties (Europol Report “Why is cash still king”)

Money from the sale of drugs was collected in Member State 1 and its laundering was orchestrated through the movement of cash by couriers acting as mules from Member States 1 to Member States 2, where cash was used to buy gold. Thereafter, gold was transported to and made into jewellery in a third country. A key organiser admitted laundering EUR 36 million since 2010 and sending 200 kg of gold from EU to the third country. The network collected about EUR 170 million per year.

A cash payment threshold in Member State 2 would have reduced the profitability of this criminal scheme (as intermediaries have to be paid and multiplying transactions to change cash into gold by non-professional would have aroused more suspicion).

Threat

Terrorist financing

Terrorist groups have made use of various techniques to move physical cash across the external borders, particularly in the case of larger organisations. This includes the following:

·The threat is particularly relevant for cash couriers from the EU to third countries. Law enforcement authorities have seized large amounts of money in conflicts zones that was supposed to finance terrorist organisations;

·Cases have been identified where (prospective) foreign terrorist fighters doubled as cash couriers to fund their travels and sojourn in conflict areas. These individuals typically carry lower amounts that are more difficult to detect and may not be subject to an obligation to declare incumbent on natural persons carrying EUR 10 000 Euro or more is cash. As it allows for anonymity, this modus operandi is perceived as attractive and fairly secure, despite still carrying some risks. That is the reason why this modus operandi shall also be considered in conjunction with the analysis of high denomination banknotes. The more high denomination banknotes are used, the easier the cash transportation is – although risks associated with acquiring high denomination notes (not readily available) may not outweigh the benefit of additional compactness. Cash transportation has been a recurring modus operandi for terrorist groups in Syria– although the average amounts carried by a foreign fighter leaving the EU may not be significant compared to locally available funds;

·The threat of cash transportation into the EU from a third country may also exist, in particular from countries exposed to TF risks or conflict areas (e.g. cash couriers from Syria, Gulf region, Russia into the EU have been reported). There are limited indications of high-value movements of cash into the Union (i.e. much in excess of the declaration threshold) for the purposes of terrorism financing. Cases have been identified concerning lower amounts and involving integration of cash amounts carried from third countries into the financial system/legal economy of the EU (analysed separately below).

From a perpetrator risk-management perspective, sending cash through post or freight consignments, using multiple consignments each containing lower amounts presents a theoretically attractive option as there is no courier physically crossing the external border carrying the cash who could be intercepted. While customs controls may take place, these do not allow for the capture of all relevant data.

Finally, perpetrators may also have an incentive to convert cash in other types of anonymous assets which are not subject to cash declarations (e.g. prepaid cards) 8 .

Conclusions: LEAs have gathered evidence that cash couriers are recurrently used by terrorist groups to finance their activities or fund FTF travels. Similarly to the analysis conducted on cash, the use by criminal elements or terrorist financiers of cash couriers present advantages since this modus operandi is easily accessible, with no specific planning or expertise required. In that context, the level of TF threat related to cash couriers is considered as very significant (level 4).

Money laundering

Threats posed by cash couriers have been documented in the FATF Report: Money laundering through the physical transportation of cash (October 2015) 9 .

That report points to physical transportation of cash across an international border, as ‚one of the oldest and most basic forms of money laundering‘. Transportation of cash is also used for terrorist financing 10 . Although there is no reliable data on the amount of money ‘laundered’ in this way, the report estimated its volume to be between ‚hundreds of billions and a trillion US dollars per year‘. The report explains that the most frequently encountered and ‚laundered‘ currencies are stable and widely used currencies such as the US dollar, the euro, the Swiss franc and the British pound, usually, with high denomination notes used. The report also highlights that criminals exploit the existing cash declaration systems mechanisms, for example, by ‚reusing cash declarations several times for the same purpose‘ 11 .

In the above-mentioned 2015 Europol report “Why cash is still king?”, law enforcement investigations confirm that cash, and in particular high denomination notes, are commonly used by criminal groups as a facilitator for money laundering. Operations have revealed huge sums of cash moved and stashed by criminals which are steadily invested and integrated in the legal economy in a multitude of ways which rid them of bulky cash holdings at risk of being confiscated. These methods require an army of criminal associates and complicit or negligent gatekeepers to ensure that their insertion in the legal economy doesn’t arouse suspicion.

In the EU, the use of cash is still the main reason triggering suspicious transaction reports within the financial system, accounting for 34% of all reports.

Criminals who generate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where access to placement in the legal economy is easier (in particular due to the predominant use of cash in some jurisdictions’ economies, more lax supervision of the financial system or stronger banking secrecy regulations, or because criminals may have greater influence in the economic and political establishment).

Cash smuggling may occur at other stages and is also used by non-cash generating offences. For example cybercrimes such as phishing and hacking make use of money mules to receive and withdraw sums fraudulently obtained from victims’ bank accounts in cash. These funds are thereafter sent via wire transfer to other jurisdictions where they are collected in cash by a select number of individuals, likely for onward transportation.

Since 2017, cash has remained a relevant threat in regard to money laundering. European investigations indicate that movements of cash inside the EU and outside are associated with criminal offences. The most relevant crime area is drug trafficking 12 . Drug related cash proceeds generated through the sales and distribution of predominantly cocaine and hashish are accumulated and received by the designated collectors working for a money laundering controller network. The money laundering controller networks provide money laundering as a service -cash out, cash in and payment for third parties- to any criminal organisation that approaches them. They offer similar services than financial institutions do, but outside of the regulated financial framework.

The drug trafficking organizations (DTO) then engage with money laundering controller networks(traditionally outside of the EU)these controllers charge a commission for facilitating towards the DTOs the value of their proceeds. The money laundering controller networks dispose of their own cash pool in different countries operated by coordinators and cash collectors. After the arrangement is made, the cash collectors deliver the cash proceeds to the designated intermediaries. From there the cash starts moving, crossing the EU towards the designated exit point (still within the EU) or exiting directly the EU. The current legal framework in the EU has significantly hindered the opportunities for introducing into the financial system large amount of illegal drug proceeds. Because of this, money is used in Trade-Based Money Laundering (TBML) schemes 13 or is transported out of the EU towards “cash friendlier” jurisdictions. Turkey, Dubai and Beirut have in the last years shown steady presence as preferred cash destinations and growing financial hubs in the EU.

The use of cash, sometimes in conjunction with other tools such as trade-based transactions, crypto currencies and hawala, is also an essential part of the drug trade, all the way from street level to purchase in production countries.

Europol Financial Intelligence Public Private Partnership (EFIPPP) information extracted from typologies:

Traffic of human beings: Organised crime groups involved in this traffic send cash/invest illegal profits in the country of origin: using cash couriers and Money Service Businesses (MSBs)(Western Union, MoneyGram) and / or invest in real estate, luxury vehicles and cash intensive businesses. In case of use of cash couriers: difficulty in financial detection.

Illegal trade: Related to drugs, organised networks of ‘collectors’ physically gather and transport criminal proceeds in the form of cash, precious metals and jewellery.

Match-fixing/betting: a ML indicator is the widespread use of cash couriers, MSBs and increasingly e-wallets payment service providers to transfer the proceeds of crime linked to sports corruption cases and to fuel online betting accounts for large-scale match-fixing operations.

ML Controller Networks: the movement of value by cash couriers is one of the techniques mentioned. Cash carriers collect the ill-gotten funds –usually cash- to be transported to the required destination.

Conclusions: the level of ML threat related to cash couriers is considered as very significant (level 4)

Vulnerability

Terrorist financing

a)Risk exposure

The cash couriers are associated with the threat of the large denomination banknotes: 500 (no longer issued since April 2019) and 200 Euro. The assessment of the TF vulnerability related to cash couriers shows that due to the nature of cash, the use of cash couriers allows significant volumes of transactions/transportation to take place speedily and anonymously.

The cross-border aspect of this modus operandi increases the risk to involve geographical areas identified as high risks

b)Risk awareness

The legislation in place (mandatory cash declarations by natural persons at the external borders of the EU) has increased the risk awareness, at least as far as persons are concerned.

Risk awareness exists for unaccompanied cash transportation, which is now covered by the new Cash Control Regulation – but is more limited.

c) Legal framework and checks

There are controls in place through the mandatory declaration of cash transportation at the EU external borders 14 . Under the new Cash Controls Regulation these controls are extended to cash sent in postal parcels or freight shipments, and to commodities used as highly- liquid stores of value such as gold, which were not previously subject to cash controls. This legislation has also increased the risk awareness.

Where unaccompanied cash is concerned (cash sent through consignments or parcels) the new Cash Controls Regulation enables the competent authorities to request the sender or the recipient, as the case may be, to make a disclosure declaration The authorities will also have the power to carry out controls on any consignments, receptacles or means of transport which may contain unaccompanied cash.. The declarations and disclosure declarations are done in writing or electronically using a standard form. These cash declarations allow for more effective reporting to the FIUs.

Conclusions: The risk exposure related to cash couriers by physical persons is intrinsically linked to the cash based activity (large volume, anonymity, speediness) – which is exacerbated by the fact that – especially within a terrorism context – the individual couriers often carry amounts below the declarative threshold. While the volume of cash couriers may be more important than for unaccompanied shipping, risk awareness and controls are in place.

The use of cash couriers or methods to ship in/out of the EU unaccompanied cash coupled with the anonymity of cash and (at least with respect to unaccompanied cash) an imperfect control mechanism presents a significant challenge. While the volume of unaccompanied cash shipped in/out the EU is probably lower than for accompanied cash couriers, the risk awareness and controls of the latter pose a greater challenge.

In that context, the level of TF vulnerability related to cash couriers by natural persons is considered as significant (level 3). The level of TF vulnerability related to post/freight is considered as very significant considering the controls/legal framework in place, more than the inherent risk exposure (level 4).

Money laundering

a)Risk exposure

The risk exposure is intrinsically linked to the cash based activity (anonymity, speediness). Hence the risk exposure is particularly important for this modus operandi.

b)Risk awareness

The legislation in place (mandatory cash declarations at the external borders for cash carried by natural persons) has increased the risk awareness, at least as far as persons are concerned.

Risk awareness exists for unaccompanied physical cash transportation – but is more limited with regard to shipping/freight/couriers.

c)Legal framework and checks

Similarly to TF, there are controls in place through the mandatory declaration of cash transportation at the EU external borders (Cash Controls Regulation) by natural persons.

These cash declarations allow an easier detection of suspicious transactions and are reported to the FIUs (although shortcomings in information sharing exist and enforcement in application may also vary between Member States).

Where unaccompanied cash is concerned (cash sent through consignments or parcels) the new Regulation allows the competent authorities to carry out risk analysis and concentrate their efforts on shipments deemed to present the highest risk, while not imposing systematic additional formalities. The disclosure obligation is subject to a threshold identical to that for cash carried by natural persons.

Conclusion: The risk exposure related to cash couriers by physical persons is intrinsically linked to the cash based activity (large volume, anonymity, speediness). While the volume of cash couriers may be more important, the risk awareness and the controls in place exist. The use of cash couriers or methods to ship in/out of the EU unaccompanied cash coupled with the anonymity of cash and (at least with respect to unaccompanied cash) an imperfect control mechanism presents a significant challenge. While the volume of unaccompanied cash shipped in/out the EU is probably lower than for accompanied cash couriers, the risk awareness and controls in place pose a greater challenge. In that context, the level of ML vulnerability related to cash couriers by natural persons is considered as significant (level 3) and by post/freight is considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

RISK

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, terrorist financing and money laundering is VERY HIGH.

Mitigating measures

The new Cash Controls Regulation, applicable from 3 June 2021, has reinforced the existing rules on cash movements:

·It enables authorities to act on amounts lower than the declaration threshold of EUR 10 000, where there are indications that cash is related to criminal activity;

·Improves the exchange of information between authorities and Member States;

·Enables competent authorities to demand disclosure for cash sent in unaccompanied consignments such as cash sent in postal parcels or freight shipments;

·Extends the definition of ‚cash‘ to also include commodities used as highlyliquid stores of value such as gold.

For the Member States:

·Given the difficulties caused by non-harmonised intra-EU movements of cash rules, Member States could consider aligning those national thresholds.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol. In particular, relevant authorities in Member States should consider reporting to Europol the cash seizures and related information (destination/origin/type of banknotes…) 15 .

2. Cash intensive business

Product

Cash intensive business

Sector

Cash intensive businesses include bars, restaurants, constructions companies, motor vehicle retailers, car washes, art and antique dealers, auction houses, pawnshops, jewelleries, textile retail, liquor and tobacco stores, retail/night shops, gambling services, strip clubs, massage parlours.

An insightful description of the use of cash features in European Central Bank’s report “Trends and developments in the use of euro cash over the past ten years” 16 (published as part of the ECB Economic Bulletin, Issue 6/2018) 17 . In terms of transactions, 83% of the transactions in restaurants, bars and cafés and for hotels and accommodation were made using cash while this share was 48% in shops selling durable goods 18 .

In order to increase vigilance and mitigate the risks posed by cash payments, the AML Directive subjects persons trading in goods to AML/CFT requirements when they make or receive cash payments of 10 000 EUR or more, including through linked payments. This measure does not amount to a blanket restriction on the use of cash, and its effectiveness heavily hinges on faithful adherence and implementation by private sector as well as effective oversight on part of national public authorities. Therefore, the Directive recognises that Member States may take different approaches, and allows them to lower the above threshold, introduce additional general limitations to the use of cash, or adopt other stricter measures.

Measures adopted at national level vary from one Member State to another:

·Currently, 19 Member States have introduced or are introducing limitations to cash payments 19 , ranging from EUR 500 in Greece to EUR 10 300 in the Czech Republic, with an average value of about EUR 4 500 20 ;

·The situation is constantly evolving, with Malta having recently introduced a limit of EUR 10 000 to payments in cash for some sectors, and other Member States having decided or planning to lower these limits (e.g. Denmark is planning to lower the limit to DKK 20 000 / EUR 2 700 and Italy will see its limit lowered to EUR 1 000 as of 2022);

·In three cases (France, Italy and Spain), higher thresholds apply to non-residents (between EUR 10 000 and EUR 15 000);

·In Hungary and Poland limits apply only to business-to-business (B2B) transactions, while some countries such as Slovenia have set different thresholds for business-to-consumers (B2C) and B2B transactions;

·Among the countries that have not set any limit to cash payments, Ireland and Sweden allow traders to refuse payments in cash.

The graph below summarises the situation across EU Member States.

Green: no cash limits set – HU, PL: limits only apply to business-to-business transactions

The map below provides a graphical representation of the intensity of the cash limits set (from the darkest to the lightest blue), where they exist, and where countries without cash limits are located. The map shows that generally neighbouring EU countries have applied different thresholds or often taken different approaches (limit/no limit), which impacts on the effectiveness of the national measures.

In its Report to the European Parliament and the Council on restrictions on payments in cash of 12 June 2018 21 , the Commission noted that introducing cash limits at EU level could have potential benefits on fighting money laundering. The report also concluded that diverging national provisions on payments in cash distort competition in the internal market, leading to potential relocations of businesses across borders, in particular for some specific sectors relying significantly on cash transactions, such as jewellery or car dealers. The report finally noted that diverging national restrictions potentially create loopholes allowing the bypassing of national cash payment limits, therefore decreasing their efficiency.

The Action plan for a comprehensive Union policy on preventing money laundering and terrorist financing, adopted by the Commission in May 2020, noted the different approaches taken by Member States to mitigate the ML/TF risks associated with cash. The Action Plan pointed out that the introduction of ceilings for large cash payments is one of the measures that could deliver a reinforced AML/CFT rulebook.

In reaction to the Action Plan, the Council conclusions of 17 June 2020 on enhancing financial investigations to fight serious and organised crime noted that the analytical work done by the Commission and Europol shows that criminals use cash payments to launder money and to finance terrorism. The conclusions called on the Commission to re-engage in a discussion with Member States on the need for a legislative limitation on cash payments at EU level.

Against this background, the Commission has proposed in its AML package published on 20 July 2021 a ceiling on cash payment. According to Commission’s proposal 22 , traders in good or services will be prevented from accepting cash payments of over EUR 10 000 for a single purchase, while allowing Member States to maintain in force lower ceilings for large cash transactions 23 . This ceiling does not apply to private operations between individuals. The Commission will assess the benefits and impacts of further lowering of this threshold within three years of application of the proposed Regulation.

Description of the risk scenario

Cash-intensive businesses are used by perpetrators:

·to launder large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities;

·to launder amounts of cash, which are proceeds of criminal activity, by justifying its origin based on fictitious economic activities (both for goods and services);

·to finance, through often small amounts of cash, terrorist activities without any traceability.

This risk scenario is intrinsically linked to the use of/payment in cash and to the high value denomination banknotes risk scenario.

It must be noted that diverging national restrictions weaken the effectiveness of national cash threshold, by displacing illegal activities from a Member State with cash payment restrictions to a neighbour with more lenient restrictions or no restrictions at all. This was confirmed by anti-mafia prosecutors at the Commission’s High-Level Conference on AML/CFT of 30 September 2020, who noted that the absence of cash ceilings in many EU Member States facilitates laundering of proceeds for organised crime across the EU.

Threat

Terrorist financing

Cash intensive businesses are generally run by individuals through bars, restaurants, phone shops, etc. but are managed by a network of persons forming a terrorist organisation. In general, they are used to get clean cash in a speedy way (e.g. selling cars or jewelleries). However, this risk scenario is not used equally by all terrorist organisations (never seen for Daesh for instance) and not largely widespread as it requires capabilities to run the business.

Europol Financial Intelligence Public Private Partnership (EFIPPP) typologies:

Trafficking in human beings: Organised crime groups involved send cash/invest illegal profits in the country of origin: using cash couriers and MSBs (Western Union, MoneyGram) and / or invested in real estate, luxury vehicles and cash intensive businesses.

Infiltration of the legal economy: Outside the context of the pandemic, when infiltrating businesses, organised crime groups make wide use of cash and cash-intensive sectors; figureheads (of various nature); complex business ownership structures; off-shore countries and EU Member States with lower corporate transparency requirements.

Infiltration of the legal economy: the cash intensity of an economy, as well as possible limits on cash payments, are geographical indicators to determine the vulnerability to infiltration.

ML through real estate: The current economic climate following the second wave of Covid-19 pandemic and lockdown measures created new opportunities for criminals to invest in real estate or troubled businesses to generate cash and launder illicit proceeds. While the COVID-19 crisis has so far marginally affected the real estate market overall, disruption caused by lockdown measures and travel restrictions significantly impacted hotel, retail outlets and gastronomy sectors, resulting in reduced property prices and rendering real estate firms and economic operators in these sectors more susceptible to financial difficulties or other pressures, thus creating risk and potential weaknesses for criminals to exploit.

ML through real estate: the construction and renovation of real estate business are vulnerable to ML. Price settlements are usually made via unreported cash payments and there is involvement of recently created and/or obscure construction firms. In addition, different stakeholders (e.g. architects, construction site managers, construction workers) could assist in the laundering of illegal proceeds by not declaring payments or contributing to invoice falsification for tax evasion purposes. Use of low-paid, illegal workforce to under-declare costs and facilitate the laundering of the proceeds and/or commit tax fraud.

Illicit trade: while severe lockdown periods were imposed around the globe, the transnational criminal organisations that deal inter alia with illicit trade quickly adapted their modus operandi to make use of the new reality and supply markets additionally with illicit services and products that are in high demand during the pandemic. These include for instance substandard and falsified face masks, disinfectants and medicines associated with COVID-19 and tobacco products and drugs.

Illicit trade: the illegal trade in tobacco has risen considerably due to the COVID-19 pandemic.

.

Conclusions: The elements gathered by the LEAs and FIUs show only few cases have been registered meaning that terrorist groups do not favour this risk scenario as it requires some technical expertise and investments to run the business in itself which makes this modus operandi less attractive. However, since this risk is not only hypothetical and that sleeper cells are active in cash-intensive businesses, the level of TF threat related to cash intensive business is considered as moderately significant (level 2).

Money laundering

Cash intensive business is exploited by criminals as it represents a viable option which is rather attractive and secure. It constitutes the easiest way to hide illegitimate proceeds of crime. However, as for TF, it requires a moderate level of expertise to be able to run the business and to escape detection.

Law enforcement authorities confirm that cash intensive businesses continue to be used to launder criminal proceeds.

Conclusions: cash intensive businesses are favoured by criminal organisations to launder proceeds of crime. As it requires some level of expertise to run the business, the level of ML threat related to cash-intensive business is considered as significant (level 3).

Vulnerability

Terrorist financing

a) Risk exposure

While cash intensive business is less attractive to terrorist organisations than to criminals (see threat assessment below), when they are used by terrorists they present some vulnerabilities because the underlying risk is the one related to cash. The vulnerability assessment of TF related to cash intensive business is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Cash intensive businesses allow the processing of a huge number of anonymous transactions which require no management of new technologies and tracking tools. Hence it has a high inherent risk exposure.

b) Risk awareness

The risk awareness appears to be quite low because, even if large sums of cash can be obtained from cash intensive business, some FIUs notice that terrorist organisations seem to prefer lower denomination banknotes which are less easy to be considered as suspicious by obliged entities and LEAs.

c) Legal framework and checks

The legal frameworks in place related to cash payment limitations that some Member States have introduced. This framework varies a lot from one Member State to another concerning cash controls and cash payment limitations and, thus, controls can potentially be inexistent.

Conclusions: The vulnerability of cash intensive business is intrinsically linked to the vulnerabilities related to the use of cash in general. The variety of legal frameworks in place, the widespread use of cash in EU economies and the fact that the sector seems being not aware of this risk, the level of TF vulnerability related to cash intensive business is considered as very significant (level 4).

Money laundering

The assessment of the ML vulnerability related to cash intensive business shows that the main factors are linked to the risk posed by cash.

a)Risk exposure

The vulnerability assessment of ML related to cash intensive business is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rational. Cash intensive businesses allow the processing of a huge number of anonymous transactions which require no management of new technologies and tracking tools. This risk exposure concerns cash payments both for goods and services. Hence it has a high inherent risk exposure.

b)Risk awareness

The risk awareness appears to be quite low because, even if large sums of cash can be obtained from cash intensive business, some FIUs notice that terrorist organisations seem to prefer lower denomination banknotes which are less easy to be considered as suspicious by obliged entities and LEAs.

c)Legal framework and checks

Pending the adoption of Commission’s proposal 24 on cash ceiling by the European Parliament and Council, currently no upper limits to cash payments are in place at the EU-wide level.

The vulnerability of the sector is affected by the existence, or lack thereof, of rules relating to cash payment limitations:

·where cash limitation rules exist, ML vulnerabilities related to cash intensive business have been more easily mitigated due to the legal requirements which allow the refusal of cash payments above a certain threshold. In these cases, controls are in place and allow detecting red flags and suspicious transactions more easily. In addition, these cash payment thresholds are perceived by the sector and by LEAs as more efficient and, eventually, less burdensome than imposing customer due diligence measures. However, these legal businesses can also hide shadow and illicit activities which are able to circumvent cash limitations.

·where cash limitations rules do not exist, and whilst the risk awareness is quite high, the sector does not know how to manage the risks. It has no tools to control and detect suspicions transactions. The result is that the number of suspicious transactions reports (STRs) is rather low, or even inexistent.

Some Member States have introduced cash transaction reports to be declared for cash operations over a certain threshold. However, there is no common approach at EU level.

From an internal market perspective, the differences between Member States legislations on cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing in cash intensive business in another Member States having lower/no control on cash limitation. The existence of cash payments limitations in some Member States, and their absence in other Member States, creates the possibility to bypass the restrictions by moving to the Member States where there are no restrictions, whilst still conducting their terrorist or other illegal activities in the ’stricter‘ Member State.

To increase vigilance and mitigate the risks posed by such cash payments, persons trading in goods are covered by the AML Directive to the extent that they make or receive cash payments of EUR 10 000 or more. Member States are able to adopt lower thresholds, additional general limitations to the use of cash and further stricter provisions.

However, the effectiveness of those measures is still limited given the number of STRs. The volume of STR reporting is generally low because cash transactions are difficult to detect, there is not much available information and dealers may lose their clients to the benefit of competitors applying looser controls. In addition, it may be difficult for a trader in high value goods to design an AML/CFT policy in the limited events where a cash transaction beyond the threshold takes place (i.e. it is not the sector in itself which is covered by AML/CFT regime – but only high value dealers faced with cash transactions beyond a threshold). For this reason, some Member States have extended the scope to cover certain sectors regardless of the use of cash. Some Member States have also decided to apply a general cash restriction regime at this threshold to reduce the risk of ineffective or cumbersome application of customer due diligence (CDD) rules by high value dealers. However, it does not mitigate situations of cash intensive business which are based on lower amount cash transactions – or a repeated number of low amount cash transactions.

This is the reason why the Commission has proposed in its AML package proposed on 20 July 2021 the introduction of a cash ceiling of EUR 10 000.

In addition, cash intensive businesses are inherently risky because there are no rules dealing with fit and proper testing of these businesses‘ managers. Some cash intensive businesses are more vulnerable than others because they may give rise to cash exchange more easily (motor retails or pawnshops).

Conclusions: The risk exposure to ML of cash intensive businesses is influenced by the existence of legal cash limitations which are efficient to mitigate the risks but are not always sufficient. In a cross-border context, the variety of regulations on cash payments constitutes also a factor of vulnerabilities. When no rules are in place, the risk awareness of the sector is quite low, leading to few STRs to FIUs. As a result, subsequent information for investigations by LEAs are then quite limited. In light of this, the level of ML vulnerabilities related to cash intensive businesses is considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant/very significant (level 4).

RISK

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing is HIGH and for money laundering VERY HIGH.

Mitigating measures

·Money laundering and terrorist financing risks have not been sufficiently mitigated by the requirement for traders in goods to be subject to anti-money laundering rules when making or receiving cash payment of EUR 10 000. At the same time, differences in approaches among Member States have created loopholes within the internal market. The Commission deems it therefore necessary to propose a Union-wide limit to large cash payments of EUR 10 000. Member States should be able to adopt lower thresholds and further stricter provisions to mitigate the risk of money laundering and terrorist financing.

·The Commission will continue to monitor the application of limits to large cash payments across Member States. According to Commission’s proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing published on 20 July, the Commission intends to present by 3 years from the date of application of that Regulation a report assessing the need and proportionality of further lowering the limit for large cash payments.

·Member States should take into account in their national risk assessments the risks posed by payment in cash in order to define appropriate mitigating measures. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA. In that respect, Commission’s proposal for a Directive on the mechanisms for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing allows Member States to extend the application of money laundering requirements to sectors not covered in the scope of the Regulation. For this purpose, should the proposal be adopted, Member States will have to notify and explain their intention to the Commission that will adopt an Opinion on these plans.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

3. High value banknotes

Product

High value banknotes

Sector

In spite of a steady growth in non-cash payment and a moderate decline in the use of cash for payments, the total value of euro banknotes in circulation continues to rise year-on-year beyond the rate of inflation. This trend is referred to as “the paradox of banknotes”: the demand for euro banknotes has constantly increased while the use of banknotes for retail transactions seems to have decreased 25 . According to the ECB, this seemingly counterintuitive paradox can be explained by demand for banknotes as a store of value in the euro area (e.g. euro area citizens holding cash savings) coupled with demand for euro banknotes outside the euro area 26 .

Cash is largely used for low value payments 27 and its use for transaction purposes is estimated to account for less than one-third of banknotes in circulation 28 . Meanwhile the demand for high denomination notes, such as the EUR 500 note, not commonly associated with payments, has been sustained in spite of the EUR 500 note not being issued anymore since April 2019. These are anomalies which may be linked to criminal activity.

There is insufficient information around the use of cash, both for legitimate and illicit purposes. The nature of cash and the nature of criminal finances mean that there is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals. The ECB only provides broad estimates 29 .

While statistics exist on the volume and value of bank notes issued and in circulation in the EU, the question remains as to the use of a large proportion of cash in issuance especially when considering the EUR 500 note. The use of a significant proportion of banknotes remains unknown. Furthermore, the EUR 500 note accounts for 13,2% of the value of all banknotes in circulation, despite it not being a common means of payment. The EUR 200 and EUR 100 banknote account respectively for 10,2% and 23,5% 30 . Although it has been suggested that these notes are used for hoarding, this assumption is not proven. Even if this is the case, the nature of the cash being hoarded (criminal or legitimate) is unknown.

As evidenced in the Chart 1.1.2 above, the EUR 200 banknote whose circulation has significantly increased tends to replace the EUR 500 banknote since 2019.

On 4 May 2016, the Governing Council of the European Central Bank (ECB) decided to discontinue the production and issuance of the EUR 500 banknote. It did so taking into account the concerns of Europol 31 and many Member States that this is a banknote that facilitates illicit activities. Based on the ECB’s decision, since 27 April 2019, the banknote has no longer been issued by central banks in the euro area, but continues to be legal tender and can be used as a means of payment 32 .

Description of the risk scenario

Perpetrators use high value denominations, such as EUR 500 banknotes, to make the cash transportation easier (the larger the denomination, the more funds can be shrunk to take up less space).

This risk scenario is intrinsically linked to use of/payment in cash and to cash intensive business risk scenario.

Threat

Terrorist financing

The assessment of the TF threat related to high value denomination banknotes shows that terrorist groups are not keen on using high value denominations. They are not necessarily easy to access and, given that they can be detected quite easily they are not attractive for terrorist groups whose first objective is to get cash as quickly as possible. For the sake of discretion, terrorist groups tend to favour low denominations banknotes. Law enforcement authorities have detected few cases which tend to demonstrate that the intent and capability are not really significant.

Conclusions: in that context, the level of TF threat related to high value denominations banknotes is considered as moderately significant (level 2)

Money laundering

The assessment of the ML threat related to high value denomination banknotes shows that they are recurrently exploited by criminal organisations to launder proceed of crime. The risk related to high value banknotes is not limited to EUR 500 and as long as long large sums in cash are gathered they are considered as attractive by criminal organisations. It does not require any major planning or complex operation – i.e. perpetrators have the technical skills to easily use this product. It remains a „low cost“ operation and allows storing of large amounts in very small volumes – which makes it very attractive for organised crime. It has been reported by law enforcement authorities that some criminal groups seek EUR 500 banknotes by paying a premium in order to get access to those large denominations; this demonstrates its attractiveness.

Operations themselves reveal huge sums of cash moved and stashed by criminals which are steadily invested and integrated in the legal economy in a multitude of ways which rid them of bulky cash holdings at risk of being confiscated. These methods require numerous criminal associates and complicit or negligent gatekeepers to ensure that their insertion in the legal economy does not arouse suspicion.

In the EU, the use of cash is still the main reason triggering suspicious transaction reports within the financial system, accounting for 34% of all reports.

Criminals who generate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where one has easier access to placement in the legal economy, perhaps due to the predominant use of cash in some jurisdictions’ economies, more lax supervision of the financial system or stronger banking secrecy regulations, or because they may have greater influence in the economic and political establishment.

Cash smuggling may occur at other stages and is also used by non-cash generating offences. For example cybercrimes such as phishing and hacking make use of money mules to receive and withdraw sums fraudulently obtained from victims’ bank accounts in cash. These funds are thereafter sent via wire transfer to other jurisdictions where they are collected in cash by a select number of individuals, likely for onward transportation.

The cash couriers are associated with the threat of the large denomination banknotes: 500 and 200 Euro. These banknotes are not used as a legal tender and in fact in Europe in many locations they are not accepted as payment. The high denomination banknotes are used by criminals to store value or for transportation (decreased volume of high overall amount). For example, the safety deposit box of a Belgian underground operator identified during the investigation of laundering hashish proceeds of Moroccan organised criminal groups revealed predominantly 500 and 200 banknotes in overall value of 1 600 000 Euro.

Counterfeit euro banknotes continue to be trafficked in bulk on lorries, and by couriers. Post and parcel services are increasingly used to distribute counterfeit euro banknotes sold via online platforms. Currency counterfeiters continue to introduce counterfeit banknotes into circulation by purchasing low-value goods with high-value banknotes to receive legitimate currency in exchange.

Conclusions: banknotes (EUR 500 but not only) are used recurrently by criminal organisations. This modus operandi is widely accessible and available at low cost. For ML purposes, it is quite easy to abuse and requires no specific planning or knowledge. In that context, the level of ML threat related to high value denomination banknotes is considered as very significant (level 4)

Vulnerability

Terrorist financing

a) Risk exposure

Large volume of high value denominations is in circulation, despite low use in commercial transactions. Cash still allows carrying transactions in an expedited, anonymous, and untraceable way.

b) Risk awareness

Especially LEAs and FIUs have high risk awareness, as do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially Europol reports, point to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c) Legal framework and checks

Even if terrorist groups are less attracted to high value denomination banknotes, detection is quite difficult because there is no EU harmonisation concerning the legal framework related to the use of high value denomination banknotes. Controls are uneven; reports to FIUs are rather few, and most of the time they cannot distinguish between ML and TF. The use of high value denomination banknotes for ML purposes may be impacted by the ECB decision to gradually phase out EUR 500 because of the recognised links with criminal activities. However, the return rate is generally quite low and these banknotes may be still in use for a long time. Therefore, this cannot be seen as an immediate mitigation measure.

Conclusions: from a vulnerability point of view, risk exposure is high, level of awareness is low and controls in place are not harmonised which create potential loopholes when cross-border transactions are at stake. In light of this, the level of TF vulnerability related to high value denomination banknotes is considered as very significant (level 4).

Money laundering

a)Risk exposure

High value denominations allow the storing/putting into circulation of large volumes of cash in a speedy and anonymous way. A large volume of high value denominations is in circulation, despite the low level of use in commercial transactions. Even if the use of high value denominations raises red flags, it remains that these denominations are not necessarily used for payments but rather to move funds. Large amounts can be stored in very small volumes. They are less easy to detect by FIUs and obliged entities.

b)Risk awareness

Especially LEAs and FIUs have high risk awareness, as do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially Europol reports, point to the blind spot in risk awareness (i.e. the precise use of high 27 value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c)Legal framework and checks

The use of high value denomination banknotes for ML purposes may be impacted by the ECB decision to gradually phase out EUR 500 because of the recognised links with criminal activities. However, the return rate is generally quite low and these banknotes may be still in use for a long time. The EUR 500 will remain legal tender and can therefore continue to be used as a means of payment and store of value. Therefore, this cannot be seen as an immediate mitigation measure.

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (level 4).

RISK

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing is HIGH and for money laundering VERY HIGH.

Mitigating measures

Monitoring of the return rate of EUR 500 banknotes will continue as well as an assessment of the evolution of the usage of the EUR 200 banknote.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

4. Payments in cash

Product

Payments in cash

Sector

According to a December 2020 ECB’s study on the payment attitudes of consumers in the euro area (SPACE) 33 , consumers still predominantly use cash for Point of Sale (POS) and Person-to-person (P2P) payments:

·73% of the volume of POS and P2P transactions was carried out using cash as a payment instruments;

·In value terms, cash transactions accounted for 48% of all transactions;

·Cash usage of 79% in terms of number of transactions.

The significant difference between number of transactions and value is due to the more frequent use of cash for low-value transactions. As shown in the ECB SPACE study, for both POS and P2P, payments below EUR 15 represent most of the transactions. 92% of payments below EUR 5 are made in cash while only 33% of transactions above EUR 100 (which represent only 3% of all POS and P2P transactions) are paid in cash.

Use of payment instrument at POS and P2P, by value range

(x-axis: percentage, share in all transactions; y-axis: value, transactions)

Sources: ECB, De Nederlandsche Bank, Dutch Payments Association and Deutsche Bundesbank

While the increase in banknote circulation has been abnormally high during the COVID-19 pandemic 34 , the use of cash payment has been only slightly impacted. According to ECB SPACE survey, almost half of the respondents reported that they used cards and cash in a similar way. Nevertheless, 40% of respondents used contactless payment more often and the same percentage of respondents declared that they used cash much less often or somewhat less often as they did before the start of the Pandemic.

Description of the risk scenario

This risk scenario is intrinsically linked to cash intensive business and high value denomination banknotes risk scenario.

Perpetrators frequently need to use a significant portion of the cash that they have acquired to pay for the illicit goods they have sold, to purchase further consignments, or to pay the various expenses incurred in transporting the merchandise to where it is required.

Despite the advantages and disadvantages of dealing in cash (detailed earlier in this report) for criminal groups, there is often little choice. The criminal economy is still overwhelmingly cash based. This means that, whether they like it or not, perpetrators selling some form of illicit product are likely to be paid in cash. The more successful the perpetrators are and the more of the commodity they sell, the more cash they will generate. This can cause perpetrators significant problems in using, storing and disposing of their proceeds. Yet despite these problems, cash is perceived to confer some significant benefits on them.

In addition, the objective of criminals is to launder large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities. They may launder amounts of cash by justifying its origin based on fictitious economic activities (both for goods and services). Terrorists may finance, through often small amounts of cash, terrorist activities without any traceability (see general description under cash intensive business).

In the European Supervisory Authorities’ Joint Opinion of 2019, the risk deriving from the use of cash was one of the key concerns for competent authorities. According to EBA 35 , the risk continues to be relevant for a much smaller proportion of competent authorities. Some competent authorities noted in that regard an increase in the use of contactless methods of payment, which has since been exacerbated in the current context of COVID-19.

Threat

Terrorist financing

Terrorist groups use recurrently cash, as this modus operandi is widely accessible and low cost. Cash is at the basis of all illicit trafficking and illicit purchase of products. In general, cash is really attractive, difficult (even impossible) to detect and does not require specific expertise to be used.

Europol Financial Intelligence Public Private Partnership (EFIPPP) information/ indicators extracted from typologies:

Infiltration in legal economy typology:

·The cash intensity of an economy, as well as possible limits on cash payments, are geographical indicators to determine the vulnerability to infiltration.

ML through real estate typology:

·Purchases, rental payments, return of deposit made in cash or monetary instruments, sometimes in combination with unusual advanced payments.

·Bank accounts opened in the name of non-financial professionals in order to carry out various financial transactions (e.g. depositing cash, issuing and cashing cheques, sending and receiving international fund transfers).

·Criminals may use illicit cash to acquire cheap real estate in crisis-hit (COVID-19) sectors as a cover to move funds or aiming at the economic exploitation of the property or subsequent sale due to expected price increases.

·Payment for construction of renovation of real estate via unreported cash payments. Also rental payments or return of deposits in cash.

Illegal trade typology:

·Regarding the illegal trade in tobacco, an indicator is that payments are made to unrelated third parties via: i) Cash. ii) Wire transfers. iii) Checks, bank drafts or postal money orders from unrelated third parties. Cash based payments are also used in illegal wildlife trade.

.

Conclusions: Based on the feedback from LEAs and FIUs, the level of TF threat is considered as very significant (level 4).

Money laundering

The assessment of the ML threat related to payments in cash is considered as similar to the assessment of TF threat. For ML, cash is also the preferred option for criminals, which allows hiding illicit proceeds of crime easily and moving funds rapidly, including cross-border. As for TF, it does not require specific expertise, knowledge or planning capacities.

Illegal cash is supplied to intermediaries to buy goods in countries with no or few restrictions on cash payments. Products purchased either hold considerable value, such as luxury goods, or for which there is a specific but considerable demand: such as vehicles (whether second-hand or luxury, construction machineries).

Cash integration by buying from legitimate trading companies goods that are exported at market price is increasing.

Conclusions: based on the feedback from law enforcement authorities (LEAs) and financial intelligence units (FIUs), the level of ML threat is considered as very significant (level 4).

Vulnerability

Terrorist financing

a) Risk exposure

Cash payments allow speedy and anonymous transactions. The level of risk exposure is very high considering that large sums can also be moved across borders and may involve high risk customers and/or geographical areas.

b) Risk awareness

Especially LEAs and FIUs have high risk awareness, and so do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature points to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c) Legal framework and checks

While cash payment limitations may allow a mitigation of the level of vulnerability, legal frameworks in place related to cash payment limitations vary a lot from one Member State to another and, therefore, controls can potentially be inexistent 36 . From an internal market perspective, the differences between Member States legislations on cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing cash intensive business in another Member States having lower/no control on cash limitation.

The 4th AML Directive provides that high value dealers accepting payment in cash beyond EUR 10 000 are subject to AML/CFT rules and have to apply customer due diligence (CDD) requirements. This obligation applies to any persons trading in goods when the payment is made in cash beyond EUR 10 000 – but it does not cover services, apart from gambling services, and in that case when carrying out transactions amounting to EUR 2 000. These same thresholds are followed by Directive 2018/843 (the 5th AML Directive).

However, the effectiveness of those measures is still limited considering the number of STRs. The volume of STR reporting is generally low because cash transactions are difficult to detect, there are few available information and dealers may lose their clients for the benefit of competitors applying looser controls. For those Member States who have put in place currency transactions reports (CTR), most of the time they are not connected to any STR and the analysis cannot be conducted (for instance, large sums withdrawn from an ATM will trigger CTR but no specific suspicion is related to that and the FIU cannot launch any investigation).

In addition, it may be difficult for a trader in high value goods to design an AML/CFT policy in the limited events where a cash transaction beyond the threshold takes place (i.e. it is not the sector in itself which is covered by AML/CFT regime – but only high value dealers faced with cash transactions beyond a threshold). For this reason, some Member States have extended the scope to cover certain sectors regardless of the use of cash. Some Member States have also decided to apply a general cash restriction regime at this threshold to reduce the risk of ineffective or cumbersome application of CDD rules by high value dealers. However, it does not mitigate situations of cash intensive business which are based on lower amount cash transactions – or a repeated number of low amount cash transactions.

Against this background, in its proposal for an AML package presented on 20 July 2021, the Commission has proposed to prevent traders in good or services from accepting cash payments of over EUR 10,000 for a single purchase, while allowing Member States to maintain in force lower ceilings for large cash transactions. This ceiling does not apply to private operations between individuals. As a consequence of the introduction of cash limits, traders in goods would be removed from the list of obliged entities. Going forward, the Commission will assess the benefits and impacts of further lowering this threshold within three years of application of the proposed Regulation.

It must be noted that some competent authorities consider that even when cash payment limitations exist, enforcement of these limitations is very challenging and may limit their impact on TF activities.

Conclusions: considering that cash payments may engage large transactions speedily and anonymously, including cross-border, that all sectors may potentially be exposed to cash payments and even if they are aware that these payments present some risks are not equipped to mitigate them (either because no framework/controls in place, or because enforcement of the controls is not efficient), the level of TF vulnerability related to payments in cash is considered as very significant (level 4).

Money laundering

a)Risk exposure

The sector shows the same vulnerability to TF as to ML. As for TF, cash payments allow speedy and anonymous transactions to launder proceeds of ML crime. The level of risk exposure is very high considering that large sums can also be moved across borders and may involve high risk customers and/or geographical areas.

b)Risk awareness

Especially LEAs and FIUs have high risk awareness, and so do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially the Europol report, points to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c)Legal framework and checks

While cash payment limitations may allow mitigating the level of vulnerability, legal frameworks in place related to cash payment limitations vary a lot from one Member State to another and, therefore, controls can potentially be inexistent. From an internal market perspective, the differences of Member States legislation in cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing cash intensive business in another Member States having lower/no control on cash limitation.

The volume of reporting is very low because cash transactions are difficult to detect. For those Member States who have put in place CTR, most of the time they are not connected to any STR and the analysis cannot be conducted (for instance, large sums withdrawn from an ATM will trigger CTR but no specific suspicion is related to that and the FIU cannot trigger any investigation).

In any case, some competent authorities consider that even when cash payment limitations exist, enforcement of these limitations is really challenging and may limit their impact on ML activities.

Conclusions: considering that cash payments may engage large transactions speedily and anonymously, including across border, that all sectors may potentially be exposed to cash payments and even if they are aware that these payments present some risks are not equipped to mitigate them (either because no framework/controls in place, or because enforcement of the controls is not efficient), the level of ML vulnerability related to payments in cash is considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

RISK

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, terrorist financing and money laundering is VERY HIGH.

Mitigating measures

·The Commission will continue to monitor the application of AML/CFT obligations by dealers in goods covered by the AMLD and further assess risks posed by providers of services accepting cash payments. It will further assess the added value and benefit for making additional sectors subject to AML/CFT rules.

·Member States should take into account in their NRA the risks posed by payment in cash in order to define appropriate mitigating measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

·The prohibition of payments in cash for some types of dangerous products – like those included in national databases on dangerous chemical products – should be considered.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

In the Commission proposed AML Regulation 37 , Member States will keep the possibility to extend the scope of application to other sectors not covered in the scope of that Regulation. For this purpose, Member States would have to notify and explain their intention to the Commission and suspend the effect of such extension for 6 months, during which time the Commission will adopt an Opinion on the plans. The Commission may then choose to propose legislation at Union level.

5. Privately owned ATMs

Product

Privately owned ATMs Sector

Sector

There exists a growing use of privately owned cash machines (ATMs) across the Union and its possible misuse for money laundering purposes has been brought to the attention of LEAs. According to information received the legal possibility for private parties to buy and rent ATMs from wholesale suppliers is creating a loophole that criminals are taking advantage of.

For many merchants, owners of clubs, bars and restaurants installing one of these ATMs has proven to be a business-oriented decision – the client is offered the convenience to withdraw cash and the merchant is maximizing the probability that some of that cash will be spent in his business.

Private ATMs tend to be located in cash-intensive businesses. In addition, privately owned ATMs can also be found in money service businesses (MSB). Taking into consideration the fact that the presence of an ATM in a MSB is illogical due to the nature of an MSB service and also the fact that many hawaladars’ side legal business 38 is running an MSB or a currency exchange service, the risk of misuse can be clearly identified. In addition, privately owned ATM may be used to purchase virtual currencies 39 .

Description of the risk scenario

a)ATM loading options

In order to load the machine one option is to use the services of cash management/cash delivery company.

Another option for the merchant operating a business is to load the cash from his teller. This provides additional opportunities for traders to commit tax evasion by selling goods in exchange of cash without issuing receipts. They then simply place their black cash inside their ATM machine and wait for it to be taken by normal clients. At the end of the year such sales are never declared to their tax authority.

The third and most concerning option is simply to load the ATM with criminal cash 40 . Intelligence gathered shows that in cases where criminal cash is used the modus operandi is the following: a courier delivers to the ATM owner/merchant criminal cash. It may derive from different cash generating activities like drug trafficking, illegal immigration, trafficking in human beings, labour and sexual exploitation, selling of counterfeit of smuggled goods, theft, robbery, etc. The criminal cash is then loaded into the machine. As unsuspecting customers or passers-by in need of cash are using their cards to withdraw cash the same amount is debited from their bank accounts and credited into the account of the owner of the ATM/merchant. Afterwards, he can simply transfer the money to any given account controlled by the criminal, minus the commission agreed upon.

b)De-linking bank accounts and internationalization risks

An internationalized, potentially much more dangerous risk scenario appears when national regulations require that a private entity buying an ATM should upon its purchase provide a national bank account number which is linked to the ATM and its activities, but there is no requirement for the merchant to request cash for the ATM from the same bank account that he linked to his ATM or even from the same bank. This hampers the proper monitoring by banks.

A review of the companies offering private ATM services shows that there are several major suppliers, British and American 41 who have managed to make their business international 42 .

Important questions arise concerning the accounts to which these ATMs (sold by EU and US companies and present in EU countries) are linked. If they are linked to an EU national bank account, but physically present in another country, then it is virtually impossible to establish the origin of the cash being inserted in them.

c)Tax evasion and fraud

Private ATMs are also used for tax evasion and fraud especially as some cash-intensive business operators encourage their clients to extract cash for services that are not invoiced or recorded. The amount of money lost in tax revenues from tax evasion and fraud through private ATMs is more significant than the amount laundered.

d)Micro-structuring by organized crime

With respect to money laundering, private ATMs are often used to “microstructure” – depositing and withdrawing of small sums of money that are consistent with normal ATM withdrawal amounts, going undetected by bank controls. Organized crime members will make voluminous small daily cash deposits into 100 or more bank accounts using private ATMs to avoid triggering anti-money laundering reporting requirements.

Threat

Terrorist financing

There exist currently few specific assessments of the TF threat related to privately owned ATMs. Nevertheless, the combined assessment on payments in cash as well as the analysis on cash couriers show that this modus operandi is widely accessible and low cost. The threat of cash transportation into the EU from a third country may also exist, in particular from countries exposed to TF risks or conflict areas. Cases have been identified concerning low amounts and involving integration of cash carried from third countries into the financial system/legal economy of the EU (analysed in a separate section of this report).

Conclusions: based on the feedback from LEA and FIUs, the level of TF threat is considered as very significant (level 4).

Money laundering

The assessment of the ML threat related to privately owned ATMs shows that this modus operandi is exploited by criminals as it represents a viable option which is rather attractive and secure. It constitutes an easy way to evade taxes and hide illegitimate proceeds of crime. However, as for TF, it requires a moderate level of expertise to be able to run the business and to escape detection. This modus operandi is also used to purchase virtual currency, as reported by FIUs and confirmed by EUROPOL: As there exists not harmonised or control of crypto-ATM, it is easy to deposit cash in those crypto ATM to transform cash into crypto 43 .

Conclusions: based on the feedback from LEA and FIUs, the level of ML threat is considered as very significant (level 4).

Vulnerability

Terrorist financing

a) risk exposure

The vulnerability assessment of TF related to privately owned ATMs is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Privately owned ATMs allow the processing of a huge number of anonymous transactions which require but an initial investment. Hence it has a high inherent risk exposure.

b) risk awareness

The risk awareness appears to be quite low.

c) legal framework and checks

According to the EU legal framework, the service of cash withdrawal can be offered by unregulated entities (i.e. not subject to AML/CFT requirement). The legal frameworks in place vary from one Member State to another and, thus, controls can potentially be inexistent.

Conclusions: the vulnerability of privately owned ATMs is intrinsically linked to the vulnerabilities related to the use of cash in general. The widespread use of cash in EU economies and the fact that the sector seems being not aware of this risk, the level of TF vulnerability is considered as very significant (level 4).

Money laundering

a)risk exposure

The vulnerability assessment of money laundering related to privately owned ATMs is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Privately owned ATMs allow the processing of a huge number of anonymous transactions which require but an initial investment. Hence it has a high inherent risk exposure.

b)risk awareness

The risk awareness appears to be quite low.

c) legal framework and checks

According to the EU legal framework, the service of cash withdrawal may be offered by unregulated entities (i.e. not subject to AML/CFT requirement). The legal frameworks in place vary from one Member State to another and, thus, controls can potentially be inexistent.

Conclusions: the vulnerability of privately owned ATMs is intrinsically linked to the vulnerabilities related to the use of cash in general. The widespread use of cash in EU economies and the fact that the sector seems being not aware of this risk, the level of money laundering vulnerability is considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

RISK

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, terrorist financing and money laundering is VERY HIGH.

Mitigating measures

Private ATM companies pose an increased risk to banks and should be treated as high-risk in money laundering compliance risk assessments. The risks for banks are not just financial but reputational.

·Firstly, customers who have privately owned or operated ATMs should be duly identified.

·Once the bank has identified an ATM owner or operator, it should obtain additional information to gain an understanding about the ATM owner/operators well as an understanding of the ATM owner’s procedures.

·After sufficient information is obtained, the sponsoring bank should implement a process to monitor the accounts of the ATM owners. The information obtained during the due diligence process should enable the bank to determine the amount of monitoring necessary as well as how often.

·Member States should guarantee the obligation to register, limit ownership, monitor, or examine privately owned ATMs – up to and including the obligation to link ATMs to a bank account of the Member Sate they are physically located in.

· An enhanced collaboration with customs agency will help acquire further information on the importation of AML machines.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

FINANCIAL SECTOR

1. Retail banking sector

Product

Retail deposits on accounts (excluding private banking)

Sector

Credit and financial institutions

General description of the sector and related product/activity concerned

European Union total deposits was reported at EUR 14,8 billion in October 2021 44 . The data reached an all-time high of EUR 15,3 billion in May 2021 and a record low of EUR 3,7 USD billion in October 2000. This is the sum of all deposits by non-financial corporates, households, insurance corporates, pension funds and other financial intermediaries, which covers all Monetary Financial Institutions (MFIs).

In Euro area, the European Central Bank reported the total of EUR 8,665.6 billion of deposits vis-à-vis other Euro area residents in Q3 of 2021 45 . This figure similarly includes both retail and corporate deposits.

In terms of trends, the global pandemic has driven an increase in savings by households, which is reflected in the increase of the total deposits from around EUR 12,4 trillion in January 2020 in the wake of the pandemics to current EUR 14,8 trillion in Q3 2021. The level of deposits has only started to decrease in May 2021, reflecting a tentative return to normalised consumer spending behaviour.

Description of the risk scenario

Money launderers place the proceeds of crime into the financial system through the regulated credit and financial sector in order to hide its illegitimate origin. Terrorists, supporters or facilitators place funds from legitimate or criminal sources into the financial system with a view to using it for terrorist purposes.

Money mule mechanisms may be used to transfer proceeds out of the banking sector using personal accounts, either through cybercrime (scamming, fake banking websites etc.) or through money value transfer services.

‘Bridge accounts’ are also used to launder money. These are accounts of legal or natural persons in the EU with the sole purpose of transferring funds to non-EU countries.

Natural persons may open bank accounts based on fake identification documents. Usage of such bank accounts to collect and transfer money from illegal sources (i.e. to introduce resources to the banking system and to further transfer these).

Threat

Terrorist financing

The assessment of the terrorist financing threat related to deposits on account shows that this risk scenario concerns both the placing and withdrawing of funds (i.e. deposits on account and use of this account withdrawing those funds or transferring to another bank accounts).

Account deposits are frequently used not only by terrorists, but also by their relatives/friends; this extends the scope of the intent and capability analysis 46 . Furthermore, law enforcement authorities have reported the use of forged or stolen documents by terrorists to open bank accounts. According to information from competent authorities, terrorist fighters generally withdraw bank account deposits through ATMs located in high-risk non-EU countries or conflict zones in general, or in bordering countries. Terrorists outside conflict zones also withdraw funds through ATMs in order to pay in cash some of the expenses related to their operations. The use of deposit accounts for TF purposes may, in conflict zones, be complicated by difficulties to access funds, especially where access to ATMs or a functioning banking network is disrupted. The source of the funds deposited on bank accounts may come from both legitimate and non-legitimate origins.

In general, deposits accounts are easily accessible, especially when legitimate funds are used, and thus they do not trigger any suspicion when the bank account is opened. It appears that terrorist groups do not experience specific challenges in hiding the real beneficiary of the funds or the exact purpose of the transaction (destination of funds) given that they may still include family members or relatives in the ownership chain.

This requires at least basic planning and basic knowledge of how banking systems work. At the same time, once executed, cash withdrawals allow cross-border movements, which makes this risk scenario rather attractive.

Conclusions: terrorists groups rather frequently use deposits on account and related money value transfer services to easily enter cash in bank accounts and withdraw money for terrorist activities, although it requires some basic knowledge and planning capabilities to ensure that funds deposited appear legitimate. As a result, this method is rather attractive for terrorist groups. That being the case, the level of terrorist financing threat related to deposits on accounts is considered as significant/very significant (level 3/4).

Money laundering

The assessment of the money laundering threat related to deposits on account shows that this risk scenario concerns both the placing and withdrawal of funds (i.e. deposits in an account and subsequent use of this account, withdrawing money from that deposit account or transferring money to disguise the origin of funds).

Deposits on account are frequently used by organised crime organisations, but also by relatives/close associates, which extends the scope of the intent and capability analysis 47 . Law enforcement authorities report frequent use of this method as one of the easiest ways to integrate illicit funds into the financial system. Although in the case of small amounts of money, deep planning and knowledge of how banking systems work may not be necessary, in the case of a complex money laundering case involving funds deposited on accounts transiting via a chain of complex operations, more in-depth knowledge is necessary and perpetrators may use available expertise from intermediaries.

Conclusions: In the light of the above threats, specially the use by criminal organizations, the level of the money laundering threat related to deposits on account is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to deposits on accounts looked at the placement and withdrawing of funds

a) risk exposure

Banks continue to be exposed to terrorist financing risks: deposits on accounts represent the most straightforward and least sophisticated way to introduce money into the financial system. In the case of the risk from terrorist financing, the risk exposure is even higher when the origin of funds is legitimate.

The use of funds in deposit accounts for terrorist purposes is difficult to detect as low amounts of money are usually used by terrorist groups. When it comes to sending money to conflict zones, the terrorist financing risk is lower in deposits on accounts as perpetrators prefer the use of other products such as money value transfer services or E-money products.

b) risk awareness

The risk awareness of credit and financial institutions is generally good, and the banking sector has put in place guidance to detect the relevant red flags on terrorist financing.

However, systems and checks that firms put in place to mitigate the terrorist financing risk are similar to, and often the same as, the checks put in place for anti-money laundering purposes. Supervisors and law enforcement agencies are aware of vulnerabilities to terrorist financing and are proactively engaged with the sector.

c) legal framework and checks

Deposits on accounts have been included in the scope of the framework on anti-money laundering (AML) and countering the financing of terrorism (CFT) since the first AML/CFT legislation at EU level in 1991. Checks in place are generally considered as efficient, although some banks limit them to sanctions screening, which is an element of, but not a substitute for, effective CFT checks. Financial sanctions target individuals or groups that are already known to pose a threat, whereas the risk from terrorist financing often emanates from individuals who are not caught by the sanctions regime. This is why risk‐based AML/CFT checks, and transaction monitoring in particular, are key to an effective fight against terrorist financing.

Usually, banks do not have access to relevant information that would help them identify terrorist financing risks before they materialise, as such information is often held by law enforcement agencies. Likewise, law enforcement agencies’ efforts to disrupt terrorist activities and networks can be hampered in cases where they are unable to obtain information about finance flows that only firms can provide. There are now initiatives at national and supranational levels to test how law enforcement agencies can provide firms with more specific and meaningful information on specific persons of interest, allowing firms to focus their transaction monitoring on these persons.

Conclusions: risk exposure may be considered as quite high, and the sector, despite a good level of awareness, needs to improve the efficiency of checks to mitigate the terrorist financing risk. Engagement with law enforcement agencies is essential in this area. As a result, the level of terrorist financing vulnerability related to deposits on accounts is considered as significant (level 3).

Money laundering

Money laundering vulnerability mainly depends on the effectiveness of monitoring systems to detect suspicious transactions when cash enters bank accounts or transactions linked to cash. Vulnerability is also high when it comes to transfers of funds from high-risk customers.

a) risk exposure

Deposits on account represent the most straightforward way of introducing money from illicit activities into the financial system. There volume of deposits where, in the case of cash, the origin of funds cannot be always traced, is relatively high. While deposits are a rather common practice for credit and financial institutions, they represent a high number of operations that may involve different kind of customers. Some customers may be high-risk because they are politically exposed or because they are identified as high-risk customers (i.e. some non-resident bank accounts in EU banks).

The extensive use of cash in some sub‐sectors and in some Member States is considered by most supervisors to be one of the contributing factors that exposes the sector to money laundering vulnerabilities, particularly where the sector is made up of many retail banks. The inherent risk deposits on accounts can also be increased by the use of new technologies and non-face-to-face business relationships.

Supervisors also consider cross‐border activities as being exposed to a significant and very significant money laundering risk, particularly in those Member States that are known as international financial centres. Non‐resident customers from high‐risk jurisdictions and off‐shore companies also contribute to the increased inherent risk in this sector. In some Member States where the domestic deposit base is small to relative to the size of the financial sector, non-resident deposits, especially from bordering non-EU countries, are an attractive source of funding. However, experience of recent years has shown that such deposits, depending on the source jurisdiction and other circumstances, often required reinforced AML controls, which were not in place or not commensurate to the level of risk they presented. Excessive risk taking by credit institutions resulted in significant exposure of the EU jurisdictions to the flow of funds of potentially suspicious origin from third countries. A recent trend is a steady decrease of the proportion of non-resident deposits in EU jurisdictions – due to both voluntary de-risking by the banking sector as well as public policies of the EU jurisdictions concerned.

b) risk awareness

The risk awareness is generally good, as the sector has in place guidance to detect the relevant red flags on money laundering. While the banking sector has an inherently high exposure to money laundering risks, it also has adequate tools to detect them. This is confirmed by a high levels of reporting. Financial intelligence units and law enforcement agencies are also well aware of the vulnerabilities of the sector and are proactively engaged with it. At the same time, in accordance with Study on EU Payment Accounts Market , 55% of the respondents answered that the suspicion of money laundering or terrorism financing was a key reason for refusing customers the opening of a payment account 48 .

For supervisors, while the banking sector is considered inherently risky, as credit institutions are often the first entry point into the overall financial services sector, the concentration of firms rated at very significant risk is relatively small. However, 2020 was the year when record amount of AML/CFT compliance-related fines were issued in the financial sector globally, and another record for fines in the Union banking sector 49 .

c) legal framework and checks

Deposits on accounts have been covered by the AML/CFT framework since the first AML/CFT legislation at EU level in 1991. Checks in place are considered as efficient, but it may be necessary to perform thematic supervision to check the effectiveness of the monitoring systems used to detect suspicious cash transactions, especially when legal entities and legal arrangements are involved. Supervisors are also concerned about checks put in place by credit institutions for managing risks associated with customers involving complex off‐shore structures; in particular, checks to identify and verify beneficial owners are considered insufficiently robust.

Conclusions: the inherent money laundering risk associated with deposits is appropriately mitigated by credit institutions. However, there are still some concerns about the effectiveness of checks, in particular checks on customers with complex offshore structures and on foreign customers from high-risk jurisdictions. In this context, the level of money laundering vulnerability related to deposits on accounts/retail banking is considered as significant (level 3).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant.

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), and the level of vulnerability has been assessed as very significant (level 4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing is 3, HIGH, and the estimated risk for money laundering is 4, VERY HIGH.

Mitigating measures

For the Commission:

·Introduction of a harmonised, directly applicable framework of customer due diligence requirements, including remote on boarding requirements.

·Introduction of harmonised requirements for identification of beneficial owners and a harmonised framework of requirements applicable to beneficial owners and their associates.

·Introduction of Union-wide large cash payments limit of EUR 10 000.

·Collect and promote best practices in the area of cooperation between law enforcement agencies and financial institutions to improve effectiveness of terrorist financing alert systems at supranational level.

For Member States / competent authorities:

·public-private sector cooperation to exchange information related to terrorist financing.

·thematic inspections focusing on:

oassessing the efficiency of monitoring systems for cash transactions and the limits on cash transactions currently in force in the Member State and the placing of funds in bank accounts linked to the simultaneous transfer of funds to high-risk non-EU countries.

oeffectiveness of customer due diligence and enhanced customer due diligence for legal entities and legal arrangements.

oCompetent authorities should ensure that systems and checks are put in place to reduce firms’ ability to design or recommend products and services that help their customers commit tax crimes.

2. Retail and institutional investment sector

Product

Retail and institutional investment products and services

Sector

Financial institutions – credit institutions, asset management companies, investment firms

General description of the sector and related product/activity concerned

The EU asset management sector can be subdivided into three categories. The first category comprises the mutual fund industry, the Undertakings for Collective Investment in Transferable Securities (‘UCITS’) funds (11.6 trillion euros of net assets domiciled in Europe under management in 2020). The second category includes alternative investment funds (‘AIFs’) (the alternative investment fund industry had a net asset value of 7.1 trillion euros at the end of 2020) such as hedge funds, private equity, funds of funds and real estate funds. The third subcategory relates to discretionary mandates. Altogether, the asset management sector has steadily increased which is reflected by the fact that 27 trillion euros (or 157% of European GDP) of European Assets are estimated to be managed by the first quarter of 2021, 55% on behalf of investment funds and 45% in managing discretionary mandates.

Total fund ownership in Europe which relates to the funds that are bought and held by investors in Europe and excludes funds domiciled in Europe that are sold outside Europe has also been steadily growing. For instance, there has been an increase to 13.6 trillion euros at the end of 2020, compared to 6.3 trillion euros in 2010. The highest levels of fund ownership can be found in Germany, France, the Netherlands and Italy.

Overall, there are more than 4,500 asset management companies operating in Europe with most of the activity taking place in the United Kingdom, France, Germany, Switzerland, Italy and the Netherlands. In terms of domiciles, Luxembourg and Ireland are leading with market share in 2020 of 27% and 18%, respectively.

The EU asset management industry serves both retail clients — usually composed of households and high net worth individuals — as well as institutional clients. Institutional clients which include insurance companies and pension funds, still account for the largest stake of investment funds held with 74.7% while households account for 25.3% 50 .

Description of the risk scenario

There are various scenarios where criminals can commit abuses against investors or financial markets resulting in, or amounting to, money laundering. For instance, criminal proceeds may be used to purchase investment products (e.g. using brokerage accounts), such as title of shares to conceal beneficial ownership, investment activity may be used to justify criminal proceeds such as profit obtained from other (illicit) activity Predicate investment fraud, or placement of proceeds using specialised high-return financial services, and market abuse (which comprises insider dealing, market manipulation, and unlawful disclosure of inside information, all of which are covered by the scope of the EU Market Abuse Regulation 51 and the EU Criminal Sanctions for Market Abuse Directive 52 ), are also examples of money laundering risk scenarios.

General comments

The main risk scenario considered from the perspective of money laundering vulnerability is linked to intermediated investment services

Threat

Terrorist financing

The terrorist financing threat related to retail and institutional investment could be significant if large amounts of legitimate funds are invested to finance terrorism, but when it comes to generating small amounts to commit terrorist attacks, the terrorist financing threat is not significant in this product/sector.

Conclusions: the assessment of the terrorist financing threat related to institutional investment through banks is considered as less significant (level 1).

Money laundering

The increasing role of facilitators in money laundering schemes can make the sector more exposed to such threats, although knowledge and technical expertise are needed to carry them out. Criminal organisations could rely on such facilitators to launder the proceeds of illegal activities. Although large amounts of funds can be involved in investment-related activities, they are not easy to access, the investment activities themselves not necessarily financially viable (depending on the quality of investment) and in any case requires knowledge and technical expertise. Therefore, criminal organisations usually abstain from carrying out investment activities themselves 53 , which makes the role of facilitators essential for both creating and utilising opaque structures to hide the proceeds of criminal activities.

A few methods for moving large illicit flows, prepared by highly skilled facilitators, have remained relevant:

·capital market commodity participants conducting over-the-counter future swaps 54 through exchanges, and using illicit funds to settle once expired;

·the simultaneous purchase, transfer and sale of securities across jurisdictions by two seemingly unrelated, but mutually controlled, entities;

·capital market fixed income participants conducting bond trades on behalf of organised criminals, using illegitimate money to purchase bonds and then deposit funds into financial institutions after sale of those bonds.

Conclusions: in this context, the assessment of the money laundering threat related to retail and institutional investment services, especially involving facilitators/brokers is considered as significant (level 3).

Vulnerability

Terrorist financing

Terrorist financing vulnerability related to investment services presents a less significant inherent risk. Risk factors (products, customers, geographies and delivery channels) do not favour the use of this products and services for terrorist financing purposes.

Perpetrators usually do not have the expertise to access the sector, while the low amounts of money used to finance terrorist attacks made other sectors more attractive for their purposes.

Conclusions: in light of the above, the assessment of the terrorist financing vulnerability related to investment services is considered as less significant (level 1).

Money laundering

The assessment of the money laundering vulnerability related to retail and institutional investment sector is as follows:

a) risk exposure

The main factor that mitigates the inherent risk of money laundering is the low level of cash-based transactions, despite the fact that the sector is exposed to high-risk customers, including politically exposed persons, while the volume and level of cross-border transactions are high. To have access to the investment sector, perpetrators need to introduce money through the banking system, and hiding illegal money through opaque structures requires a high degree of expertise and/or high cost. Therefore, banks are often a first barrier that mitigates the inherent money laundering risk.

b) risk awareness

Risk awareness in the sector is not high when transactions are performed out of the banking sector. This is because firms usually rely on banks to apply customer due diligence and monitoring when money enters bank accounts.

Supervisors consider the overall risk of the sector moderately significant; however, the risk profile at firm level shows that a significant proportion of firms are classified as a less significant risk. Despite this, most supervisors consider this sector to pose a very significant cross-border risk. Another key risk this sector is exposed to is reconciling the anti-money laundering standards of the home and host Member States where there are branches of a group in different countries.

According to financial intelligence units, the number of suspicious transaction reports is quite low compared to the volume of transactions concerned, due to the sector being more familiar with detecting fraud such as insider trading or market abuse than suspicions of money laundering. At the same time, the financial transactions concerned are more complex and the suspicious ones are probably less easy to detect by obliged entities.

The sector also experiences significant conflict of interest between concerns over potential money laundering and the need to attract customers, some with a high money laundering risk profile, such as politically exposed persons, customers from high-risk non-EU countries and high-income customers. In that sense, where the investment service is intermediated, the level of vulnerability to money laundering is higher than the vulnerability of retail or institutional investment services provided directly to the end client.

c) legal framework and checks

Institutional and retail investments services through all types of financial sector entities are covered by AML/CFT requirements at EU level. In the investment field, the client manager has a vested interest in conducting the business relationship (reward/salary), and this may reduce incentives to carry out rigorous customer due diligence.

Supervisors consider that poor checks are limiting the effectiveness of suspicious transaction reporting and the effectiveness of ongoing monitoring policies and procedures, including transaction monitoring. In contrast, most breaches identified in inspections were considered as minor. The most common finding was poor quality checks on politically exposed persons.

Conclusions: the risk exposure is inherently high due to the nature of the customers and the large amounts linked to the transactions. However, inherent risk is mitigated due to a low level of cash-based transactions and due to bank anti-money laundering checks when potentially illegal proceeds are introduced into financial system via banks. When investment services involve intermediation by brokers, money laundering vulnerability is higher than when those services are directly to end customers. In addition, the use of opaque structures or complex schemes can increase vulnerability if obliged entities do not have the resources to detect and report to financial intelligence units. Lack of resources to apply robust customer due diligence procedures and some conflict of interest over attracting customers with a high-risk money laundering profile can increase vulnerability. In this context, the money laundering vulnerability related to investment services provided through brokers is considered as moderately significant/significant (level 2/3).

Risk level

As regards terrorist financing, the level of threat has been assessed as non-relevant (1>).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/ significant (level 2/3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for money laundering is HIGH.

Mitigating measures

For the Commission:

·Introduction of a harmonised, directly applicable framework of customer due diligence requirements for all the relevant types of financial sector obliged entities active in the area of retail and institutional investment services.

·Introduction of a harmonised requirements for identification of beneficial owners and harmonised framework of requirements applicable to beneficial owners and their associates.

·Establishment of the interconnection of beneficial owner registers at EU level.

For Member States / competent authorities:

·Effective implementation of Directive 2018/822/EU from 2020, under which intermediaries are required to submit information on reportable cross-border tax arrangements to their national authorities.

·Thematic inspections to assess:

oeffectiveness of customer due diligence and enhanced customer due diligence as well as beneficial owner identification requirements are implemented by financial sector entities providing retail and institutional investment services.

For the European supervisory authorities:

·Guidelines on best supervisory practices to the investment sector. Define the main money laundering risk scenarios and products, alongside the most effective ways to conduct on-site and off-site inspections.



3. Corporate banking sector

Product

Corporate banking products (including trade finance)

Sector

Credit institutions — Corporate banking

Description of the risk scenario

Perpetrators use cash front businesses to inject proceeds into the legal economy using company accounts with multiple signatories.

Threat

Terrorist financing

Corporate banking can provide large amounts of legitimate funds to finance terrorist activities or send money to conflict zones. However, that risk scenario is not probable as small amounts of money are used to carry out individual terrorist attacks and other products/sectors which are less traceable may be utilised. Individuals who would wish to finance terrorist activities do not prefer these type of products, and there is currently a lack of evidence to suggest that terrorist organisations are using corporate banking services in the EU. Therefore the terrorist financing threat is not significant in this product/sector.

Conclusions: the assessment of the terrorist financing threat related to corporate banking is considered as less significant (level 1).

Money laundering

The assessment of the money laundering threat related to corporate banking shows that this risk scenario is plausible. However, using corporate banking for money laundering requires more sophistication than the retail financial sector. Specifically, using corporate banking products or services for money laundering would require the complicity of financial/legal intermediaries who need to be paid for their ‘services’. There is evidence of the risk posed by such intermediaries. 55

Law enforcement agencies have evidence of professional money launderers acting as intermediaries for other organised crime groups that set up bank accounts for front or shell companies. Those corporate bank accounts are used for fake trade transactions, back-to-back loans with other corporate entities and real estate investments.

Conclusions: this method is used by organised crime groups, with an increasing role for intermediaries. In the view of law enforcement agencies, this method requires only moderate levels of knowledge and expertise. In this context, the money laundering threat related to corporate banking is considered as significant (level 3).

Vulnerability

Terrorist financing

The inherent risk of terrorist financing vulnerability in the corporate banking sector is of low significance. The different risk factors, products, customers, geographies and delivery channels in the sector mean that its use for terrorist financing purposes is not favoured. Individual perpetrators usually do not have the expertise to access the sector, while the low amounts of money used in terrorist attacks made other sectors more attractive for their purposes.

Conclusions: in light of this, the assessment of the terrorist financing vulnerability related to institutional investment through banks is considered as less significant (level 1).

Money laundering

The assessment of the money laundering vulnerability related to corporate banking made the following findings:

a) risk exposure

The inherent risk is potentially high due to the nature of customers and due to more complex transactions than in retail banking being involved. The identification of the beneficial owner of some firms is one of the main vulnerabilities of this product. Some trade-base transactions linked to corporate bank accounts can increase the money laundering risk, especially when high-risk jurisdictions are involved. The risk linked to forged documentation also affects the level of risk exposure, while the increasing role of intermediaries and facilitators working for organised crime groups can also affect the inherent risk of these products. Some cash-based transactions can be settled using these products when firms involved in corporate banking products are cash-intensive businesses.

Moreover, the inherent risk in these banking products can also be increased by the use of new technologies and non-face-to-face business relationships.

For anti-money laundering supervisors, differences in the make‐up and nature of Member States’ credit institution sectors are reflected in inherent risk ratings, which range from ‘significant’ and ‘very significant’ to ‘moderately significant’ and even ‘less significant’.

b) risk awareness

Sector awareness of risk is high, and the sector has developed tools to trigger appropriate red flags. Usually red flags are triggered in response to high-risk customers, high-risk jurisdictions and the existence of cross-border transactions. Financial intelligence units have confirmed this element, mentioning that a high number of suspicious transaction reports have been received on this matter. However, the sector complains about the lack of feedback from FIUs. That fact is limiting the sector’s ability to improve its monitoring systems.

In most Member States, AML supervisors provide guidelines to help credit institutions detect potentially suspicious corporate banking transactions.

c) legal framework and checks

Corporate banking is covered by AML/CFT requirements at EU level. This framework is considered as satisfactory as the framework covering other financial activities undertaken by credit institutions.

Most supervisors assessed the checks put in place by credit institutions to mitigate money laundering risks as ‘good’ or ‘very good’ overall. Despite this, they assess the effectiveness of these policies and procedures, particularly those related to ongoing monitoring of transactions and suspicious transactions reporting, as poor or very poor.

Conclusions: corporate banking presents some vulnerability due to risk factors associated with customers and geographical areas, and to a lesser extent associated with products and transactions. However, the legal framework in place is considered as being adapted to these vulnerabilities, while credit institutions involved in corporate banking activities are aware of the money laundering risks and are equipped to address them. In this context, the level of money laundering vulnerability related to corporate banking is considered as moderately significant/significant (level 2/3).

Risk level

As regards terrorist financing, the level of threat has been assessed as low (1).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/significant (level 2/3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing is 1, LOW, and for money laundering is 3, HIGH.

Mitigating measures

For the Commission:

· Introduction of a harmonised, directly applicable framework of customer due diligence requirements.

·Introduction of a harmonised requirements for identification of beneficial owners and harmonised framework of requirements applicable to beneficial owners and their associates.

·Establishment of the interconnection of beneficial owner registers at EU level.

For Member States / competent authorities:

·Effective implementation of Directive 2018/822/EU from 2020, under which intermediaries are required to submit information on reportable cross-border tax arrangements to their national authorities.

·Authorities should provide more substantive feedback on the submitted suspicious activities and transaction reports, organise training sessions and guidance on risk factors, with specific focus on non-face-to-face business relationships, offshore professional intermediaries, customers or jurisdictions, and on complex/shell structures.

·Thematic inspections to assess:

oeffectiveness of customer due diligence and enhanced customer due diligence as they apply to legal entities and legal arrangements, and how beneficial owner identification requirements are implemented.

4. Private banking sector

Product

Private banking and wealth management products and services

Sector

Credit institutions

Description of the risk scenario

Private banking is a service provided by credit institutions and investment firms to high net worth individuals, their families and corporate entities. In general, these services are tailored for each customer by combining multiple banking and other financial services in one package. For example, private banking services may include a mix of banking services (current accounts, mortgages and foreign exchange), investment management and advice, fiduciary services, safe custody, insurance, accounting, tax and estate planning and associated services, such as legal support.

Perpetrators are using all private banking and wealth management services for integration of criminal proceeds. Given the combination of sophisticated financial products and services, and a wealthy customer base, which sometimes includes politically exposed persons (PEPs), the sector can be abused also for tax evasion, especially in cases where assets of the beneficial owners are hidden behind complex ownership structures and direct private banking customers are the associates or family members of the actual beneficial owners.

General comments

For this risk scenario, financial services concern services provided to high net worth individuals only.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to private banking (wealth management) has not been considered as relevant. Therefore the terrorist financing threat is not part of the assessment. Nevertheless, wealthy terrorism sponsors might enter into asset or wealth management agreements with private banks with a view to harbouring their assets even though their assets or wealth under management might not be related directly to TF.

Conclusions: not relevant

Money laundering

The assessment of the money laundering threat related to private banking (wealth management) shows that this sector is most often used in connection with the following predicate offences: corruption and drug trafficking, fraud and tax evasion. This reduces the ‘scope’ of organised crime organisations that may rely on this risk scenario. It also requires some level of expertise, which makes it less easy to access and not very attractive (not financially viable). In private banking, the service is quite ‘high cost’ (need for sufficient funds to access the services) and the business relationship less easy to establish.

However, some groups can use facilitators to obtain access to private banking services through frontmen or legal persons.

Conclusions: based on the above, the money laundering threat related to private banking is considered as significant/very significant (level 3/4).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to private banking (wealth management) has not been considered as relevant. In this context, the terrorist financing vulnerability is not part of the assessment.

Conclusions: not relevant

Money laundering

The assessment of the money laundering vulnerability related to private banking (wealth management) made the following findings:

a) risk exposure

The combination of sophisticated financial products and services, and a wealthy customer base (sometimes politically exposed persons) with often complex ownership structures of assets under wealth management make this sector highly vulnerable for money laundering purposes. Some of the products and services offered are also considered to present money laundering vulnerabilities, particularly those linked to tax compliance and planning. ‘Aggressive’ tax planning appears to be one such type of service. Furthermore, the sector presents a higher geographical risk due to the establishment of branches in some non-EU countries that do not necessarily have equivalent AML/CFT regimes to the EU AML/CFT framework.

b) risk awareness

According to financial intelligence units, private banking is characterised by a very low (almost non-existent) level of suspicious transaction reporting. As for private banking-related investment services, institutions sometimes face conflict between their commercial objectives and the need to fight against money laundering. The competition component is not negligible. However, for private banking the risk assessment is not always precise enough to ensure that the sector is aware of the risks it faces, in particular risks linked to fraud and tax evasion.

Supervisors consider that firms in this sector do not adequately mitigate the risk of the sector being abused for tax evasion purposes.

c) legal framework and checks

Private banking is covered by AML/CFT requirements at EU level. Most competent authorities that have inspected providers of private banking services have assessed the level of checks as ‘inadequate’ for customer due diligence (verification of customer’s identity, information about the origin of funds, verification of beneficial ownership — specifically with legal persons), monitoring transactions, and compliance function. They explain this weakness by: (i) the fact that the quality of the checks depends on the financial culture of a country; and (ii) that the understanding of the risks posed by this sector is not the same from one Member State to another.

Conclusions: High inherent risk due to the large amounts involved, high-risk customers (politically exposed persons) and potentially high-risk jurisdictions. Concerns about the sector’s risk awareness due to the competition between providers to attract high net worth individuals (who often demand high level of secrecy and discretion conflicting with AML/CFT CDD requirements) as customers, while the results of thematic inspections that have shown inadequate checks in certain areas. Moreover, the level of suspicious transaction reporting is low. In this context, the level of money laundering vulnerability related to private banking is considered as significant/very significant (level 3/4).

Risk level

As regards terrorist financing, the level of threat has been assessed as non-relevant.

RISK

1 – 1,5

1,6 – 2,5

2,6 – 3,5

3,6 – 4

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant/very significant (level 3/4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for money laundering is 3, HIGH.

Mitigating measures

For the Commission:

Introduction of a harmonised, directly applicable framework of customer due diligence requirements, including enhanced customer due diligence requirements related to Politically Exposed Persons and/or high-risk third country jurisdictions.

·Introduction of a harmonised requirements for identification of beneficial owners and harmonised framework of requirements applicable to beneficial owners and their associates.

·Establishment of the interconnection of beneficial owner registers at EU level.

For Member States / competent authorities:

Effective implementation of Directive 2018/822/EU from 2020, under which intermediaries are required to submit information on reportable cross-border tax arrangements to their national authorities.

Thematic inspections to assess:

oEffectiveness of customer due diligence and enhanced customer due diligence as they apply to legal entities and legal arrangements and how beneficial owner identification requirements are implemented.

oRisks associated with this sector should be clearly set out in the competent authorities’ money laundering/terrorist financing risk assessment. Competent authorities should issue guidance on best practices and provide training to the sector.

5. Crowdfunding

Product

Crowdfunding

Sector

Crowdfunding platforms

Description of the risk scenario

Crowdfunding service providers have different crowdfunding models, carrying different level of money laundering and terrorist financing risks. For instance, the activities to collect funds for later onward transmission are particularly vulnerable to money laundering, notably where the funds collected for an undetermined project remain in the investor’s account until the project is formaklly determined. Donation platforms can also be misused to disguise the illicit origin of funds or for TF purposes 56 . Perpetrators can also use platforms to collect/accumulate funds and transfers them abroad. As of 10 November 2023, the Regulation on European Crowdfunding Service Providers (ECSP) for business 57 will be in application and will require all payment be carried out through an authorised Payment Service Provider (PSP) as well as introduced other safeguards to mitigate these risks. There will however still be platforms operating in sectors not regulated under EU law, for example donation or reward-based crowdfunding platforms. Crowdfunding platforms, which are unregulated, could be set up under fictitious projects in order to allow collection of funds which are then withdrawn within the EU or transferred abroad, potentially for ML purposes or to finance terrorist attacks. This could be used either to collect funds from legitimate sources for the purpose of terrorist financing – or to collect illicit funds from criminal activities using anonymous products. ECSPs that collect funds for later onward transmission are particularly vulnerable to money laundering, including business models where the funds are collected for an undetermined project and consequently held in the investor’s account until the project is determined.

Threat

Terrorist financing

Terrorist groups may have the intent to use the crowdsourcing techniques to collect funds. Unregulated crowdfunding platforms may be used to fund fictitious investment projects with illicit funds or being misused for TF purposes where a fictitious reason is given for a crowdfunding project, which never materialises and the funds obtained from crowdsourcing are thereafter used for terrorist financing purposes. Overall, law enforcement authorities reported some cases relating to (unregulated) donation platforms where these techniques have been used; where they have, it has usually been to raise smaller amounts. In addition, suspicious activities are somewhat easier to detect and may deter terrorist groups from using this method, as it is not the most secure option. However, if perpetrators are more methodical in their planning, this could enable them to set up collection platforms with scope for more anonymous operations (use of strawmen or relatives), thus making this method more attractive. Law enforcement agencies have detected some cases of crowdfunding calls for donation, citing ‘support for widows, martyrs, religious groups’ in an attempt to avoid clear a linkage with terrorist financing. The value of the donations are low ($10, 20, 50, with most amounts in US dollars). The difficulty for law enforcement agencies is identifying the end recipient and the use of the donations (proof of terrorist financing). Risks are also increased due to the borderless nature of platforms given that potential donors can be located anywhere in the world, including in high-risk jurisdictions.

Europol Financial Intelligence Public Private Partnership (EFIPPP), general input on donations from the typology on Match-fixing/betting, case example:

A transnational organised crime group focused on money laundering through the football sector identified football clubs in financial distress and infiltrated it with benefactors who provide much needed short-term donations or investments. After gaining trust through donating, these same benefactors orchestrate the purchase of the clubs.

.

Conclusions: Law enforcement agencies have evidence of terrorist groups having used unregulated donation crowdfunding platforms. However, it is not financially viable to raise or channel large amounts this way. Also, it may be rather insecure compared to other types of services, or it requires more planning to hide the illicit intent. In this context, the terrorist financing threat related to crowdfunding is considered as moderately significant (level 2).

Money laundering

The assessment of the money laundering threat related to crowdfunding shows that there are different ways for criminals to use Crowdfunding platforms to actually launder the proceeds of crime. Thus, poorly supervised or unregulated Crowdfunding platforms could be vulnerable to being abused for ML purposes in case of collusion between the project owner and investor for fictitious projects. National competent authorities note that this risk was high as long as it was relatively easy to launch and market a crowdfunding project and the use of criminal intermediaries could make the sector more attractive for money laundering purposes. However, the Regulation on European Crowdfunding Service Providers (ECSP) should enhance the monitoring of the ECSPs and limit their misuses risk once it will be in force and law enforcement agencies consider that risks relating to crowdfunding platforms remain low, with some signs of instances where they could have been used for scam fundraising and fraud rather than to launder illicit funds.

Conclusions: criminals may have vague intentions to exploit this method, which is not necessarily attractive and may be costly. In any case, the method requires some expertise to be profitable. There is little evidence that it has been used, although the role of intermediaries is not negligible. In this context, the level of the money laundering threat related to crowdfunding is considered as moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to crowdfunding shows that the sector cannot be assessed in isolation.

a) risk exposure

The level of risk exposure varies depending on depending on whether the crowdfunding platform is supervised as a provider of financial services or is left unregulated (private initiatives on the internet). Likewise, the terrorist financing risk also depends on the type of platform. Unregulated donation-based crowdfunding platforms present a higher inherent risk of misuse for terrorist financing purposes as these platforms are outside the scope of financial institutions and of prudential and anti-money laundering supervisors. The inherent risk of crowdfunding is higher if crowdfunding platforms allow use of virtual currencies or (anonymous) electronic money. The inherent risk is also higher if perpetrators set up donation-based crowdfunding platforms allowing the use of strawmen, relatives or individuals out of the scope of sanction lists.

The level of risk exposure varies depending on whether crowdfunding is directly linked to financial institutions or left to private initiatives on the internet. The risk is higher if crowdfunding platforms use virtual currencies or (anonymous) electronic money. Depending on the type of platform vary TF risk as well, the riskier platforms for TF are donation platforms which are out of the scope of financial institutions and out of the AML legal framework.

b) risk awareness

Even when a crowdfunding platform is regulated as a financial service provider, there may be a lack of knowledge about the sources of funds and the purpose. When provided through unregulated platforms, crowdfunding services providers are outside the scope of any AML/CFT monitoring. Competent authorities, including at EU level, are aware that terrorist financing risks exist, but the risk assessment is still incomplete in most Member States. It should, however, be stressed that where these platforms are included in the list of obliged entities, financial intelligence units will receive suspicious transaction reports.

c) legal framework and checks

Legal divergence in this area is until now a major source of concern, and the absence of a harmonised framework setting out clear AML/CFT obligations applicable to crowdfunding platforms significantly increases the EU’s exposure to ML/TF risks. Crowdfunding platforms as such are not obliged entities under the AMLD, and while some Member States have included CFPs in their national legislation transposing the AMLD, not all Member States consider crowdfunding platforms as obliged entities 58 . Regulation (EU) 2020/1503 of the European Parliament of the Council on European Crowdfunding Service Providers for business 59 harmonises the regulatory approach for business investment and lending-based crowdfunding platforms across the Union and ensures that adequate and coherent safeguards are in place to deal with potential money laundering and terrorist financing risks. Among those, there are requirements for the management of funds and payments in relation to all the financial transactions executed on these platforms. Crowdfunding service providers must either seek a license or partner with a payment service provider or a credit institution, which are obliged entities under this Regulation, for the execution of such transactions. The Regulation also sets out safeguards in the authorisation procedure, in the assessment of good repute of management and through due diligence procedures for project owners. The Commission will assess by 10 November 2023 in its report on that Regulation whether further safeguards may be necessary. It is therefore justified not to subject crowdfunding platforms licensed under Regulation (EU) 2020/1503 to EU AML/CFT legislation.

Crowdfunding platforms that are not licensed under Regulation (EU) 2020/1503 are currently left either unregulated or to diverging regulatory approaches, including in relation to rules and procedures to tackle anti-money laundering and terrorist financing risks. To bring consistency and ensure that there are no uncontrolled risks in such environment, the European Commission envisages to add the crowdfunding platforms that will not be licensed under Regulation (EU) 2020/1503 to the obliged entities of the EU AML/CFT framework 60 . It is therefore reasonable to expect to have a more comprehensive and enhanced legal framework for crowdfunding platforms in the coming years.

For the time being however, some competent authorities consider that checks and supervisory actions are weak, particularly as many platforms are not established physically in the territory where they operate, which hinders the efficiency of checks. Where credit and financial institutions are involved, the effectiveness of obliged entities’ checks is lower as the obliged entities can rely only on more limited information to monitor transactions and apply red flags.

Conclusions: the sector is not homogeneous and the interdependency with other sectors can impact the level of vulnerabilities. Checks in place are not yet fully harmonised because a new cross-cutting framework dealing with this issue is currently being put in place, which will improve the situation. There are still some concerns about the risk awareness of the sector. In this context, the level of terrorist financing vulnerability related to crowdfunding is considered as moderately significant (level 2).

Money laundering

The assessment of the money laundering vulnerability related to crowdfunding shows similar vulnerability assessment as for terrorist financing.

a) risk exposure

The level of risk exposure varies depending on whether crowdfunding is directly linked to financial institutions or left to private initiatives on the internet. In both cases, the use of virtual currencies may increase the inherent money laundering risk. Depending on the type of platform, crowdfunding services may facilitate anonymous transactions. On lending and securities platforms, it is possible to raise larger amounts, making the inherent risk of money laundering higher than for donation platforms. However these crowdfunding platforms would normally be regulated, thus complying with disclosure requirements, and partner with payment or credit institutions in order to carry out payment transactions.

b) risk awareness

The infiltration of such platforms by criminal organisations should also be considered an additional vulnerability factor. Some law enforcement agencies and financial intelligence units tend to regard crowdfunding as a widespread way to launder money. Even when a financial institution is involved, there is a lack of knowledge about the sources of funds, the scope of the funding and its purpose. When provided through unregulated entities, crowdfunding services are outside the scope of any AML/CFT monitoring. Competent authorities, including at EU level, are aware that money laundering risks exist but some of them consider this sector as low risk and are not considering including crowdfunding platforms as obliged entities. It should, however, be stressed that where these platforms are included in the list of obliged entities, financial intelligence units will receive suspicious transaction reports.

c) legal framework and checks

Regulation (EU) 2020/1503 of the European Parliament of the Council on European Crowdfunding Service Providers for business 61 harmonises the regulatory approach for business investment and lending-based crowdfunding platforms across the Union and ensures that adequate and coherent safeguards are in place to deal with potential money laundering and terrorist financing risks. Among those, there are requirements for the management of funds and payments in relation to all the financial transactions executed on these platforms. Crowdfunding service providers must either seek a license or partner with a payment service provider or a credit institution, which are obliged entities under this Regulation, for the execution of such transactions. The Regulation also sets out safeguards in the authorisation procedure, in the assessment of good repute of management and through due diligence procedures for project owners. The Commission will assess by 10 November 2023 in its report on that Regulation whether further safeguards may be necessary. It is therefore justified not to subject crowdfunding platforms licensed under Regulation (EU) 2020/1503 to EU AML/CFT legislation.

Crowdfunding platforms that are not licensed under Regulation (EU) 2020/1503 are currently left either unregulated or to diverging regulatory approaches, including in relation to rules and procedures to tackle anti-money laundering and terrorist financing risks. To bring consistency and ensure that there are no uncontrolled risks in such environment, the European Commission envisages to add the crowdfunding platforms that will not be licensed under Regulation (EU) 2020/1503 to the obliged entities of the EU AML/CFT framework 62 . It is therefore reasonable to expect to have a more comprehensive and enhanced legal framework for Crowdfunding platforms in the coming years.

For the time being however, even when crowdfunding platforms are considered obliged entities, competent authorities consider that checks and supervisory actions are weak, particularly as many platforms are not established physically in the territory where they operate, which hinders the efficiency of checks. Where credit and financial institutions are involved, the intensity of obliged entities’ checks may be lower if the obliged entities can rely only on more limited information to monitor transactions and apply red flags.

Conclusions: the risk exposure is rather limited, although large sums may be involved in some specific crowdfunding business models. The checks in place are not harmonised because there is no cross-cutting framework dealing with this issue. When regulated, these platforms are well aware of their risks and the level of reporting is good. The checks in place are still sometimes weak, especially when obliged entities rely on limited information to carry out checks. The new regulation on European crowdfunding business providers will improve this framework. In this context, the level of money laundering vulnerability is considered as moderately significant (level 2).

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as moderately significant (2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as moderately significant (2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, money laundering and terrorist financing, is level 2, MEDIUM.

Mitigating measures

In its legislative proposal the Commission has added as obliged entities “crowdfunding service providers other than those regulated by Regulation (EU) 2020/1503”.

For the competent authorities:

·Member States should consider the need to define unregulated crowdfunding platforms as complementary obliged entities subject to AML/CFT requirements.

·Member States should closely monitor the legal developments related to the treatment of crowdfunding services providers and crowdfunding platforms for AML/CFT purposes.

·Member States should assess risks associated with crowdfunding in their jurisdiction, even where crowdfunding services providers and crowdfunding platforms are not obliged entities, as these risks may have an impact on regulated services.

·Member States should consider further communication to set out clearly their regulatory expectations in respect of the sector as well as the risks to which crowdfunding services providers and crowdfunding platforms are exposed 63 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the sector:

·Crowdfunding services providers (CSPs) should know their customers to prevent their crowdfunding platforms from being used to fund fictitious investment projects with illicit funds or being misused for ML or TF purposes.

·Crowdfunding services providers should take into account, among others 64 , the following risk factors as potentially contributing to increased risk when performing customer due diligences:

obusiness models where funds are collected through the crowdfunding platform but allows for later onward transmission (including where money is collected for an undetermined project and consequently held in the investor’s account until the project is determined; or where money is collected but may be returned to the investors where the fundraising target is not met, or where the project owner has not received the money);

obusiness models allowing early redemption of investments, early repayment of loans, or resale of the investments or loans through secondary markets;

othe absence of restriction on the size, volume or value of the transactions, loading or redemption processed through the crowdfunding platform, or the amount of funds to be stored in individual investor accounts;

othe possibility for investors to make payments through the crowdfunding platform with instruments not regulated or subject to less robust AML/CFT requirements than those required by Directive (EU) 2015/849.

6. Currency exchange

Product

Conversion of funds

Sector

Currency exchange offices (Bureaux de change)

Description of the risk scenario

Perpetrators are converting their funds into another currency to facilitate the conversion, transfer or laundering of funds 65 . Currency exchange offices can be used for money laundering purposes either by performing relevant transactions without knowledge of the illegal origin or destination of the funds concerned or by a direct involvement of the staff/management of the provider through complicity or takeover of such businesses by the criminal organisation 66 . Currency exchange offices are usually key nodes with the money laundering controller networks.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to currency exchange shows that this modus operandi is exploited by terrorist groups, especially by foreign terrorist fighters.

The EUR/USD conversion is particularly attractive for these groups. Bringing currency into conflict zones is one of the main ways of financing the movement of foreign terrorist fighters. From a technical point of view, the conversion of funds does not require specific planning, knowledge or expertise and is quite easy to access. Although it does not consist in raising or transferring funds, it is a necessary step for moving physically ‘clean’ currency (most of the time in cash). Terrorist groups may consider that currency exchange is as attractive as collecting or transferring funds to finance their activities.

Europol Financial Intelligence Public Private Partnership (EFIPPP) information based on typologies: Services of ML Controller Networks (MLCNs) include ‘cash swap’: cash is collected in a currency and paid out in another currency, including cryptocurrency.

.

Conclusions: terrorist groups show some intent and capability to use currency exchange to sustain/carry out their operations. This scenario does not require specific planning or expertise and has already been used. In this context, the level of terrorist financing threat related to currency exchange is considered as significant (level 3).

Money laundering

The exchange office method is highly suitable to achieving money laundering objectives. In particular, the launderer can employ the office either as an operator or customer. The former is riskier; however, it facilitates an integration, whereas the latter is only applicable to the placement or the preparation of a placement. If the money launderer desires to launder smaller amounts of money on an irregular basis, they may frequent the office as a customer or send a straw man. 67

The most adequate placement should be in a city with many tourists holding different currencies from various nations. High volumes of money can be easily converted, making it easy for these criminal organisations to access to ‘clean’ currency. As with terrorist financing, currency exchange does not require specific planning or expertise for money laundering purposes. However, the volume of suspicious transactions is currently difficult to assess.

Currency exchange offices could also be part of a cash pool in a money laundering controller network.

Conclusions: although the volume of cases is difficult to assess by law enforcement agencies, the indicators show that criminal organisations may use currency exchange to launder proceeds of crime. This scenario does not require specific planning or expertise and has already been used. In this context, the level of the money laundering threat related to currency exchange is considered as significant (level 3).

Vulnerability

Terrorist financing

Vulnerability in currency exchange is linked to the transfer of funds. There are two different ways to perform the transactions:

·use of cash to exchange and transfer the funds to a specified bank or payment account;

·use of the internet to perform the currency exchange and transfer the funds to a bank account or payment account.

a) risk exposure

The fact that most of the transactions are in cash increases the sector’s vulnerability. Moreover, potential transactions linked to terrorist financing usually involve small amounts of cash that are more difficult to detect by currency exchange offices.

b) risk awareness

In some risk scenarios, money value transfer services (MVTS) providers are associated with currency exchange offices or even operate from the same premises. In such cases, alert systems and red flags applied by MVTS providers to detect terrorist financing-linked transactions are applied to the previous currency exchange transaction. The negative effect is that currency exchange offices rely on MVTS providers’ terrorist financing checks. The currency exchange office itself is not always in a position to trace the whole transaction, detect potentially suspicious transactions and have a complete business relationship with their customers.

Risk awareness in the sector is high, especially when currency exchange offices are close to MVTS, but the level of suspicious transaction reporting remains low except in specific cases such as USD conversion requested from high-risk non-EU countries (e.g. Syria).

c) legal framework and checks

Currency exchange offices are covered by the AML/CFT framework at EU level. Supervisors consider that checks relating to the effectiveness of suspicious transaction reporting are in general poor or very poor, similar to checks related to customer identification and verification 68 . In that sense, new technological developments may become an important mitigating force for this sector with the increase of online payments. Supervisory activities have been mostly limited to off-site inspections, with some thematic inspections carried out in response to identified concrete risks. When some jurisdictions apply thresholds for occasional transactions, vulnerability is higher, especially for terrorism financing risks, where low amounts are the norm.

Conclusions: Controls in the sector are not very effective and rely on associated sectors such as MVTS providers and banks. Thresholds for occasional transactions can significantly affect the monitoring systems and customer due diligence requirements, increasing terrorist financing vulnerability. In this context, the level of terrorist financing vulnerability related to currency exchange is considered as significant (level 3).

Money laundering

The assessment of the money laundering vulnerability related to currency exchange made the following findings:

a) risk exposure

The fact that most transactions are in cash affects vulnerability; that effect is more pronounced when the customer uses large denomination notes, which are not well monitored. Other factors that increase the sectoral risk are the use of these services by politically exposed persons or the currency exchange offices being located in border zones. The main risk factor is the infiltration of currency exchange offices or agencies by criminal organisations. Inherent risk increases if firms have inadequate tools to detect potentially bad currency exchange agents.

b) risk awareness

In some risk scenarios, MVTS providers are associated with currency exchange offices, operate out of the same premises, or even the same employee takes charge of both transactions. In such cases, alert systems and red flags applied by MVTS providers to detect money laundering-linked transactions are applied to the previous currency exchange transaction. The negative effect is that currency exchange offices rely on MVTS providers’ money laundering checks. For anti-money laundering purposes, the level of reporting is uneven from one Member State to another, and does not necessarily consist in suspicious transaction reports (mostly currency transaction reports).

Supervisors’ assessments of the inherent risk for currency exchange sector are divergent, ranging from very significant to less significant. The core current risks identified include: the anonymity of transactions, proximity to border regions and itinerant communities (migrants, cross-border workers, asylum seekers, tourism), and the prevalence of cash transactions. Different competent authorities have identified these as the source of greatest concern.

c) legal framework and checks

Currency exchange offices are covered by the AML/CFT framework at EU level. Supervisors do not consider the currency exchange sector as high-risk in general; according to this assessment, resources to supervise this sector are lower than other sectors. Additionally, many competent authorities cited as ongoing risk factors poor internal checks, a lack of awareness of the relevant regulatory context and poor reporting practices on suspicious activity, despite checks being implemented. Another factor that hinders proper checks in currency exchange offices is the threshold that can be set out in different countries to apply customer due diligence obligations only for occasional transactions; in any case, most Member States apply thresholds lower than EUR 15,000.

Conclusions: awareness in the sector is rather uneven, and checks in place are not efficient given the low level of reporting. Competent authorities do not consider that the rules and supervision work effectively. In this context, the level of money laundering vulnerability related to currency exchange is considered as significant (level 3).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, money laundering and terrorist financing, is level 3, HIGH.

Mitigating measures

For Member States / competent authorities:

·Competent authorities should conduct a number of on-site thematic inspections focusing on risks posed by agents. The scope of these thematic inspections should include checking that MVTS or currency exchange firms have a comprehensive agent oversight function including efficient monitoring systems, on-site reviews and training.

·Member States should eliminate thresholds for applying customer due diligence to occasional transactions in currency exchange sector in order to improve monitoring of suspicious transactions. An alternative option could be to impose a complete identification of customers doing several exchange transactions in a limited period (3-5 consecutive days). Some operators already applied such mechanism to monitor suspicious transactions.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the sector:

Technology assists the industry to meet compliance requirements set out by the regulator: some exchange business rely on cameras connected into a database, which alert authorities in case a listed, or even non-habitual, person is recognised. Systems for scanning photo ID documents can already indicate whether ID documents presented for the transaction are valid.

·Compliance should be accompanied by the implementation of suitable CDD mechanisms to accurately establish the identities of customers, and of transaction monitoring and screening measures.

·Transaction monitoring and screening measures should be focused on identifying high-risk customers and transactions, characterized by “red flag” behaviours and activities like, for instance:

oSuspicious transactions patterns or transactions taking place in unusual circumstances.

oTransactions through non-face-to-face services.

oPossible indications on agents or mules being used to conduct transactions on behalf of a third party.

oCustomers who falsify or conceal their identities.

oCases of multiple connected transfers in different currencies or into and out of different countries.

oTransactions to high risk third countries known to be major international and regional financial centres and trading hubs where many bureaux de change are situated, such as UAE and Hong Kong.

oCustomers who are politically exposed persons (PEPs), or who are on sanctions lists.

7. E-money sector

Product

E-money

Sector

Credit and financial institutions

General description of the sector and related product/activity concerned

‚Electronic money’ is defined under the second E-Money Directive (‘EMD2’, 2009/110/EC) as electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions and which is accepted by a natural or legal person other than the electronic money issuer. ‘Electronic money institutions’ are legal persons that have been granted authorisation under E-Money Directive requirements to issue electronic money, they are also considered as obliged entities submitted to Directive (EU) 2015/849 (AMLD) as modified by directive 2018/843. A key characteristic of e-money is its pre-paid nature. This means that an account, card or a device needs to be credited with a monetary value in order for that value to constitute e money. E-money can for example be stored on cards, on mobile devices, and in online accounts. Depending on the way e-money is stored, it can be classified as ‘hardware-based’ or ‘software-based’. Most e-money products require identification of the owner, however some products benefit from the exemptions under the AMLD, which allow owners to remain anonymous.

E-money typology

A first classification of e-money products depends on the technology used to store the monetary value: products can be hardware-based or software-based.

For hardware-based products, the purchasing power resides in a physical device, such as a chip card, with hardware-based security features. Monetary values are typically transferred by means of device readers that do not need real-time network connectivity to a remote server.

Software-based products have specialised software that functions on common devices such as computers or tablets. To enable the transfer of monetary values, the device typically needs to establish an online connection with a remote server that controls the use of the purchasing power. Schemes mixing both hardware and software-based features also exist.

Other potential distinctions between e-money products is the manner in which e money is created or issued. The key distinction relates to whether e-money is pre-paid by the user (payer) or by a third party on behalf of or in favour of the payer (e.g. by a company in the case of business-to-business cards or by a merchant in multi merchant loyalty schemes).

E-money products can be reloaded (to add more value after the initial issuing of e-money by the issuer) or not.

How e-money products are classified depends on whether the product is multifunctional or is linked to a platform. Both types are used online, but the latter only allows purchases in a single platform and does not allow peer-to-peer transfers. In both cases, a bank account is needed for loading the e-money products. Another category includes prepaid cards or vouchers with customer due diligence exemptions: these products can be used online or offline and can be purchased with cash.

Not all monetary value that is stored electronically should be considered as e-money in the context of the EMD2. Limited network products such as gift cards and public transport cards that can only be used with a certain retailer or a chain of defined retailers are outside the scope of EMD2, to the extent such instruments meet the conditions to fall under the limited network exemption in the EMD. Also, virtual assets such as Bitcoin are not considered as e-money as they are not issued on receipt of funds.

Description of the sector

Systematic examination of the market in terms of volume and value of e-money transactions is more complex. Although the European Central Bank (ECB) serves as a central source of statistical data on the value and volume of e-money transactions, there are numerous data gaps. According to the ECB, this is mainly because only euro area Member States are required to report statistical information, with remaining Member States doing this voluntarily.

Although existing ECB statistics do not provide a full picture of the size of the e-money market, they provide some indications concerning the orders of magnitude related to the market size, as well as changes over time.

According to the ECB data on the e-money market, in 2019, the value of e-money payment transactions with e-money issued by resident PSPs – from EU amounted to EUR 195,8 billion 69 . The same year, the value of e-money payment transactions with e-money issued by resident PSPs – from Luxembourg (hosting PayPal and Amazon) amounted EUR 143,674 billion 70 , while reaching EUR 36,6 billion in Italy 71 and only EUR 0,9 billion in Germany and EUR 0,561 billion in France. The average transaction value on that basis was of EUR 42. The number of e-money payment transactions – with e-money issued by resident PSPs from EU in 2019 was 4,66 billion 72 (including EUR 3,35 billion in Luxembourg, some EUR 0,98 billion in Italy but only 61 million in France and 33 million in Germany). The number of e-money payment transactions with e-money issued by resident PSPs from EU reached EUR 4,66 billion in 2019 73 . In the five-year period from 2015-2019, the number of e-money payment transactions with e-money issued by resident PSPs from EU increased by 95,7% (EUR 2,38 billion in 2015). These data are however not complete as they do not include several non-euro area markets and therefore underestimate the actual size of the EU market.

The ECB statistics do not cover limited network markets, including the gift card market. However, these cards are outside the scope of the AML/CTF legislation, at EU or national level, as their use is restricted to limited networks of retailers, or petrol stations (for fuel cards), and hence such cards present low AML/CTF risks.

Relevant actors

Electronic money can be issued by credit institutions, electronic money institutions and post office giro institutions are entitled under national law to issue electronic money. E-money can also be issued by the European Central Bank and national central banks when not acting in their capacity as monetary authority or other public authorities. Member States or their regional or local authorities when acting in their public capacity can also issue electronic money.

This sector appears to be highly concentrated, with the majority of e-money issuers within the EU based in Belgium, the Czech Republic, Denmark, Latvia and the Netherlands. Outside of the EU, the United Kingdom is also a major market for the industry. As regards the different business models, three types of actors are recognised in EMD2:

·the issuer: entity which ‘sells’ e-money to the customer (whether a consumer or a business) in exchange for a payment. It is also the entity that requires authorisation to issue electronic money and is regulated by EMD2;

·the distributor: entity other than the issuer that can distribute or redeem e-money on behalf of the issuer (i.e. it re-sells the e-money issued by the issuer, such as a retail outlet selling prepaid cards);

·the agent: entity that acts on behalf of the e-money issuer, enabling issuer to carry out payment services activities (except for issuing e-money) in another Member State without establishing a branch there.

In practice, this distinction appears to be most frequently used by the consulted e-money issuers primarily in the context of cross-border provision of e-money services, with selected issuers using ‘distribution partners’ in order to operate in other Member States 74 .

Description of the risk scenario

Perpetrators use characteristics and features of some of new payment methods ‘directly’ using truly anonymous products (i.e. without any customer identification) or ‘indirectly’ by abusing non-anonymous products (i.e. circumvention of verification measures using fake or stolen identities, or using strawmen or nominees etc.). Nevertheless, the latter option is costly and it is an easier option for perpetrators to deal with intermediaries in the delivery channel.

Perpetrators can load multiple cards under the anonymous prepaid card model. This multiple reloading could lead to substantial values, which can then be carried out abroad with limited traceability. It is also to be noted that some cards can still be loaded with cash, which increases the risk of ML. It is only when money stored in cards is used that e-money issuers have a chance to trace or monitor transactions.

Threat

The main contributing factors that expose the sector to ML/TF risks are those associated with distribution channels, as the use of intermediaries in the distribution chain can make it more difficult to perform adequate AML/CFT controls and oversight. Other risks factors according to national competent Authorities are linked to the sector’s extensive reliance on non-face-to-face identification processes (with increased risks of computer fraud and use of false documents), the relative anonymity of the customer for some of the products benefitting from exemptions under the AMLD, the ease and speed of e-money transactions and the poor overall awareness of ML/TF risks 75 .

Terrorist financing

E-money products present some advantages over cash when it comes to making online payments, and the use of these products does not require great expertise. Taking into account the low amounts of money needed for terrorist attacks, it can sometimes be easier to pay for some products or services (hotels, car rentals) using e-money products than by cash, even if perpetrators have to pass customer due diligence measures because payments are above the thresholds. On the other hand, e-money products are more traceable than cash.

When perpetrators send money to conflict zones e-money products can be safer to carry out, but using them as a means of payment in those countries can be more complicated than using cash as some e-money issues have placed restrictions on certain geographical areas where the cards can be used.

Law enforcement authorities have gathered evidence that e-money loaded onto prepaid cards has been used to finance terrorist activities, in particular to help terrorists commit attacks (e.g. hotel or car rentals). However, the threat from using prepaid cards or e-money products for this purpose is independent of the need to get through customer due diligence measures to gain access to e-money products.

In summary, e-money products may have better traceability than cash, however, considering the speed of transactions and the possibility to physically transport the cards to jurisdictions designated as high risk for terrorism, even when the transactions are traced, it may be difficult to track the perpetrators. The level of threat is independent of the thresholds for applying customer due diligence if perpetrators are not included in sanction lists.

Europol Financial Intelligence Public Private Partnership (EFIPPP) typology information:

Misuse of Public Funds: Government payments are channelled to prepaid cards that are eligible to process and receive direct-deposit payments even a few days earlier before the payment is due (in US).

Non-delivery scam: The merchant requests payments that are unusual for the type of transaction in question or unusual for the industry’s pattern of behaviour. For example, instead of a credit card payment, the merchant requires a pre-paid card, the use of a money services business, convertible virtual currency, or that the buyer send funds via an electronic funds transfer to a high-risk jurisdiction

Counterfeit goods: Financial products being used are a) E-Money and payment accounts (incl. virtual IBANs), b) Credit cards and pre-paid cards, c) Bank accounts (incl. virtual IBANs), d) Virtual assets. Virtual Assets Service Providers (VASPs) are amongst the “financial institutions” used.

Match-fixing/betting: electronic payment methods are used to open betting accounts online. Widespread use of cash couriers, money service businesses and increasingly e-wallets payment service providers to transfer the proceeds of crime linked to sports corruption cases and to fuel online betting accounts for large-scale match-fixing operations.

Corruption and bribery: electronic money and payment institutions are both mentioned in relation to corruption and bribery.

Conclusions: Evidence shows what e-money, specifically pre-paid cards, have been used by terrorist groups to finance their activities in the past. Given the low amounts of money used and the fast speed of transactions makes the detection of these transaction extremely challenging. However, cash is still a preferred way to send money to conflict zones or to avoid traceability. Law enforcement authorities have evidence that this modus operandi has been used, but the threat is independent of the thresholds for apply customer due diligence. In this context, the level of terrorist financing threat related to e money is considered as significant (level 3).

Money laundering

The assessment of the money laundering threat is linked to some cash-based products that can be used by criminal organisations, including non-EU ones, through distributors of these products. E-money products have some advantages over cash when it comes to moving that money outside the EU or to different Member States. Nevertheless, cash remains a preferred option for these groups.

Financial intelligence units have detected multiples cases of misuse of e-money (tax fraud, drug trafficking, prostitution) through the purchase of multiple prepaid cards. Law enforcement authorities have found cases where the proceeds of drug trafficking were laundered by prepaid cards. Prepaid cards may enable large amounts to be moved about easily. However, since the use of frontmen is costly when circumventing customer due diligence thresholds and laundering large amounts of money, it easier to use agents involved in the delivery channel of e-money products.

Conclusions: Unlike in the case of terrorist financing, e-money is attractive for criminal organisations due to the cumulated large flows of money it represents, especially when loaded onto prepaid cards or vouchers of value benefitting from customer due diligence exemptions, which can be used online or offline and can be purchased by cash. While some connection is often needed with e-money issuers’ agents or distributors in their delivery channels there are cases where customer due diligence are not properly performed, in particular when cards are sold by distributors who are not obliged entities. Nevertheless, criminal organisations prefer until now to use cash than e-money products. In light of this, the level of the money laundering threat related to e-money is considered as significant (level 3).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to e-money made the following findings:

a) risk exposure

The e-money sector is not homogeneous, due the wide range of products in which the level of terrorist financing and money laundering risks are completely different. Some e-money products of low value that are not linked to a current account (cash-based products 76 ) offer anonymity features similar to cash because they are exempt from customer due diligence measures. Particular concerns concerning prepaid cards are also linked to situations where there is no limit to the number of cards a customer could own. The terrorist financing inherent risk can be significant in these specific e-money products due the low amounts used in terrorist attacks and because they offer a discrete way to make low payments in comparison with cash. Nevertheless, perpetrators still consider the use of cash as a preferred option due to the complete anonymity.

The terrorist financing inherent risk for non-cash-based e-money products can be considered similar to that of other banking products or credit cards. Despite the origins of funds being known and traceability of payments being complete, perpetrators can use these products as a means of payment even if they have to pass customer due diligence measures. This is because most of the time perpetrators may provide evidence of legitimate income and are not within the scope of sanctions regime. Regtech 77 solutions were also identified as key current risks, with increased risks of computer fraud and use of false documents.

In respect of TF, e-money products is of particular interest for moving safely money to conflict zones, including for terrorist financing purpose.

Inherent risk depends mainly on the structure of the product, but even e-money products non-cash-based can present a significant risk if the funds are legitimate, perpetrators are not on the sanction lists and the amounts of money needed are low. It is remarkable that financial sanctions target individuals or groups that are already known to pose a threat, whereas risk often emanates from individuals who are not yet identified. In that sense, the terrorist financing inherent risk is independent of the thresholds or the customer due diligence measures applied.

b) risk awareness

Sector awareness can be considered high, especially after some terrorist attacks where e-money products were used. However, there are still some concerns among supervisors as to whether e-money firms who sell products with an exemption from customer due diligence are able to perform efficient monitoring and reporting of suspicious transactions. On the other hand, the results of thematic inspections to the sector has shown a good level of checks and risk assessment in the firms inspected. Most supervisors classify the sector’s overall risk as ‘moderately significant’ or ‘significant’.

There is an increasing number of initiatives aimed at engaging with competent authorities and law enforcement authorities; these can contribute to raising the risk awareness in the sector and to improving efficiency.

c) legal framework and checks

E-money is covered by AML/CFT requirements at EU level. Under the AMLD, some e-money products benefit from an exemption regime which means that when some risk-mitigating conditions are met (the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150, which can be used only in the Member State of issuance, the payment instrument is used exclusively to purchase goods or services and cannot be funded with anonymous electronic money), certain customer due diligence measures need not to be applied. On the other hand, the AML Directive require e-money issuers to always carry out sufficient monitoring of the transactions, the thresholds for allowing these customer due diligence derogations have already been lowered in 2018 and the European Commission envisages to possibly further limit these possibilities in the future.

In addition, Member States may require electronic money issuers whose head office is situated in another Member State (home Member State) but operating in their jurisdictions (host Member State) under either the right of establishment or the freedom to provide services to appoint a central contact point in their territory. That central contact point shall ensure, on behalf of the institution operating on a cross-border basis, compliance with AML/CFT rules and shall facilitate supervision by supervisors, including by providing supervisors with documents and information on request.

Having effective checks in place in relation to terrorist financing can require a lot of AML/CFT staff, which can affect the business model of small e-money firms and reduce the efficiency of their monitoring systems, even when they have proper software tools to monitor transactions. In that sense, when it comes to terrorist financing risks, the efficiency of checks is independent of the customer due diligence measures applied and depends more on the quality of the databases checked to detect transactions and customers linked with terrorist financing. The sector’s engagement with competent authorities and law enforcement authorities is crucial to improve efficiency and mitigate such risks.

Conclusions: The lower thresholds set out in the 5th AMLD will reduce the anonymity of the riskiest products and therefore the vulnerability of the sector. Risk awareness has improved, as has been confirmed by some supervisors, but there are still some concerns about the efficiency of their systems to monitor and report suspicious transactions linked with terrorist financing activities. In this context, the level of terrorist financing vulnerability related to e money is considered as very significant (level 3).

Money laundering

The assessment of the money laundering vulnerability related to e-money shows made the following findings:

a) risk exposure

Among the wide range of e-money products, the products most exposed to money laundering risks are the ones that can be purchased for cash. The use of these products individually for money laundering purposes is costly because of the lower thresholds and the cost of hiring frontmen to circumvent the thresholds for applying customer due diligence. As a result of their supervisory activities, National competent authorities identified a relatively small number of breaches. In 2018, where breaches were identified, these were mostly serious, with egregious breaches identified in only few cases. In 2019, breaches identified were mostly minor or moderate, with no egregious breaches reported 78 . However, the main contributing factors that expose the sector to ML/TF risks are those associated with distribution channels. This is because the use of intermediaries in the distribution chain is common in the sector, which can make adequate AML/CFT controls and oversight more difficult.

Perpetrators or facilitators can have an external agreement with these agents or distributors to purchase large amounts of prepaid cards and move those funds across Member States or non-EU countries, or even to sell such amounts of prepaid cards at a discount to third parties.

If e-money firms do not have robust checks over their distributor’s network and detect potential rogue distributors, such distributors will be able to avoid applying customer due diligence measures properly and to introduce fake documents into the system, in a similar way as occurs with rogue agents of money remittance firms. As a consequence, the risk inherent in distribution models is determined primarily by the extent to which e‐money is distributed by persons other than the e‐money issuer.

The money laundering inherent risk is considerably lower for the remaining e-money products linked to a bank account or a payment account.

b) risk awareness

The sector trusts in the use of technology for its checks over e-money products and assesses the money laundering risk posed by its products, even pre-paid cards or cash-based vouchers, as ‘less significant’ or ‘moderately significant’. The issuer of the e-money has access to the product at every moment and has resources to deactivate cards in case of suspicious transactions. Most supervisors have assessed the sector’s overall risk profile as ‘moderately significant’ or ‘significant’. The difference in perception between the sector and supervisors stems mainly from divergent views of the extent to which e-money issuers’ AML/CFT checks are effective. On the other hand, in one EU Member State where many licences have been issued, the supervisory authority has recently conducted a thematic inspection in the sector and has found a good level of checks and risk assessment in the firms inspected.

c) legal framework and checks

E-money is covered by AML/CFT requirements at EU level. Under the AMLD, e-money products benefit from an exemption regime which means that when some risk-mitigating conditions are met (the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150, which can be used only in the Member State of issuance, the payment instrument is used exclusively to purchase goods or services and cannot be funded with anonymous electronic money), certain customer due diligence measures need not to be applied. On the other hand, the AML Directive requires e-money issuers to always carry out sufficient monitoring of the transactions, the thresholds for allowing these customer due diligence derogations have already been lowered in 2018 and the European Commission envisages to possibly further limit these possibilities in the future.

In addition, Member States may require electronic money issuers whose head office is situated in another Member State (home Member State) but operating in their jurisdictions (host Member State) under either the right of establishment or the freedom to provide services to appoint a central contact point in their territory. That central contact point shall ensure, on behalf of the institution operating on a cross-border basis, compliance with AML/CFT rules and shall facilitate supervision by supervisors, including by providing supervisors with documents and information on request.

Supervisors identified weaknesses in particular in the effectiveness of monitoring, the identification of suspicious transactions, and internal checks and oversight. However, the sector relies heavily on transaction monitoring as a risk mitigation tool, which includes effective distributor’s network oversight, that may require additional staff in addition to technology, increasing vulnerability in small e-money firms.

Conclusions: e-money cash-based products are more vulnerable than other bank account-based e-money products because of the higher level of anonymity. The level of money laundering awareness in the sector is high, but there are still some doubts among supervisors about monitoring systems, specifically in connection with large distributor’s networks and with cash-based e-money products. In this context, the level of money laundering vulnerability related to e-money is considered as significant (level 3).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, money laundering and terrorist financing, is level 3, HIGH.

Mitigating measures

For the competent authorities:

·Member States competent authorities should carry out more robust risk assessment of the sector to the extent that Electronic money issuers are active on their territory, clearly identifying and assessing all ML/TF risk factors in their national risk assessments 79 .

·Member States competent authorities should also consider how best they can use a mix of different supervisory tools to supervise the sector more efficiently and in line with that risk profile. While full-scope on-site inspections may not be necessary in every case, Member States competent authorities should consider how they can use, for instance, on-site thematic reviews to ensure adequate supervisory coverage of a sufficiently large number of firms.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the European Commission:

·The European Commission should reassess whether the current exemption contained in the AML directive with respect to customer due diligences in the context of electronic money transaction keeps a legitimacy and should be maintained or whether it could possibly be further limited.

8. Transfers of funds and money remittance

Product

Transfers of funds and money remittance

Sector

Credit and financial institutions — money value transfer services

General description of the sector and related product/activity concerned

Under Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (Text with EEA relevance), ‘transfer of funds’ means any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including (a) a credit transfer 80 ; (b) a direct debit 81 ; (c) a money remittance 82 , whether national or cross border; (d) a transfer carried out using a payment card, an electronic money instrument, or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics.

Money value transfer or money remittance is defined under the second Payment Services Directive (PSD2) as a payment service where funds are received from a payer by means of a communication, message, transfer, or through a clearing network to which the MVTS provider belongs, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee. Transactions performed by such services can involve one or more intermediaries and a final payment to a third party, and may include any new payment methods. They represent one of the most risky activity among the different payment services performing transfer of funds. A key example of money remittance is the remittances service offered by large agency network providers (money value transfer systems or ‘MVTS’), where the payer gives cash to a payment service provider’s agent to make it available to the payee through another agent.

Statistics

Money remittance is a payment service that can be provided by payment service providers including credit institutions, e-money institutions, and authorised payment institutions. Money remittance is the payment service for which authorised payment institutions are most commonly authorised for.

Most migrants use MVTS services for a variety of reasons, including because they offer lower fees than banks, are more widely accessible (i.e. opening hours), and more fundamentally, because in most developing countries, the network on MVTS is the widest (as compared to banks) and many people do not have access to bank accounts in developing countries. According to the World Bank, inflows from remittances were equivalent to more than 10% of 2015 GDP in 29 countries, and more than 20% in eight of them 83 .

General ECB statistics also show that in 2019, the total amount of remittances sent from EU Member States amounted to EUR 200,4 billion, with a slight increase compared to 2018 (EUR 194,5 billion) 84 .

The market landscape shows that different types of MVTS providers are operating. This is reflected in the Payment Services Directive, which provides for ‘registered MVTS’ and ‘authorised MVTS’.

Description of the risk scenario

Terrorist financing

Perpetrators use money and value transfer services provided by financial institutions to place and/or transfer funds that are in cash or in anonymous e-money (non-account-based transactions). They use MVTS services to transfer rapidly amounts across jurisdictions, usually favouring a series of low value transactions to avoid raising red flags.

Money laundering

Perpetrators may use MVTS services to carry out a number of illicit operations. Most licensed or registered MVTS providers hold accounts at banks in order to process transfers and settle accounts with agents both domestically and internationally. However, settlement may be done through wire transfers, often involving aggregated amounts, processed through the international banking system. In addition, settlement can be done through third party payment providers 85 :

·Proceeds of crime are laundered through settlement systems in a non-EU country. MVTS providers channel funds through highly complex payment chains with a high number of intermediaries and jurisdictions involved in the funds circuit, hindering the traceability of illicit funds. MVTS providers operating along the payment chain often establish formal and/or informal settlement systems (frequently along with trade-based money laundering techniques), also hampering traceability of illicit funds.

·Large sums of cash are broken down into smaller amounts that are below the thresholds for which stricter customer identification is required.

·Proceeds of crime are placed in the financial system through a regulated MVTS offering payment accounts or similar products. Perpetrators may also use such regulated MVTS providers to channel their funds.

·Funds are placed and/or transferred through money remittance services. Risks of money laundering / terrorist financing activity may be particularly high when funds to be transferred are received in cash or in anonymous e-money.

Rogue agents usually perform transactions using fake IDs and fake invoices.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to money value transfers services shows that terrorist groups recurrently use this method. Payment institutions, e-money institutions and bureaux de change are also perceived by several CAs as being particularly vulnerable to TF, in particular as regards the use of cash, pre-paid instruments, the importance of transactions from/to high-risk jurisdictions and the anonymity allowed from transactions below the CDD threshold 86 . Law enforcement authorities and financial intelligence units have gathered strong evidence that these services are used to collect and transfer funds used to support the financing of terrorist activities within the EU and in particular to transfer funds by/for foreign terrorist fighters travelling to/from conflict zones.

MVTS providers are, depending on their organisation, easy to access and terrorists do not require specific expertise or techniques to abuse this service for finance terrorist activities. Terrorists might be more attracted to large MVTS providers due to their global network of agents, while smaller MVTS providers might not be so attractive since they usually operate in a limited number of countries. The specific features of MVTS providers (see vulnerabilities part) mean that they are perceived as attractive and secure.

Conclusions: MVTS providers are frequently used to finance terrorist activities and do not require specific knowledge or planning. In light of this, the level of the terrorist financing threat related to MVTS is still considered as very significant (level 4).

Money laundering

Organised crime groups recurrently use this method. Law enforcement authorities and financial intelligence units have gathered strong evidence that these services are used to collect and transfer funds used to support money laundering activities. MVTS providers are, depending on their organisation, easy to access and do not require specific expertise or techniques to launder proceeds of crime. The specific features of MVTS providers mean that they are perceived as attractive and secure. Usually perpetrators get in touch with agents to launder the money of an organised crime group in exchange for a percentage of the amount of money laundered. Agents linked with these perpetrators usually perform fake transactions with fake customer IDs if they are aware of weak customer due diligence checks by the MVTS firm. Otherwise, they can use real customer forms to add new transactions.

Based on the principle of non-exclusivity, agents can work for different companies at the same time. This means that when they are connected with perpetrators, agents can easily split transactions between firms in order to launder large amounts; such activities are difficult to detect for individual firms and competent authorities.

From Europol Financial Intelligence Public Private Partnership (EFIPPP) information:

Related to live distance child abuse typology: the presence of reliable money remittance systems is an environmental factor that allows for this type of crime to emerge. In addition, the use of MVTS is mentioned as a possible indicator for non-delivery scams, counterfeit goods (money transfers to high risk jurisdictions), illegal wildlife trade and match fixing and betting.

Finally, in relation to ransomware and cryptocurrencies typologies, an indicator of ransomware payments is a payment to a crypto exchange platform or foreign-located Money Service Business (MSB)- such as Western Union, MoneyGram – in a high-risk jurisdiction lacking, or known to have inadequate, AML/CFT regulations for crypto exchange platform entities.

Conclusions: MVTS providers are frequently used to launder money and do not require specific knowledge or planning. In light of this, the level of money laundering threat related to MVTS is considered as very significant (level 4).

Vulnerability

Terrorist financing

a) risk exposure

Reliance on cash-based transactions and the recurring use of these services in high-risk areas lead to a high risk exposure. When money is used for terrorist attacks in the EU, a higher inherent risk results from the sending of low amounts and from payers who are not included on sanctions lists.

The sector is vulnerable to cross‐border abuse for terrorist financing purposes. Investigations carried out by law enforcement authorities following recent terrorist attacks, for example in Paris and the UK, have confirmed that terrorists used money remittance to raise and move funds. In contrast to money launderers, individuals looking to finance terrorism may not seek to hide their identity and may use legitimate funding sources, often in small amounts. Additionally, the terrorist financing risk often emanates from individuals who are not covered by the sanctions regime.

The significant risk of money laundering and terrorist financing in the MVTS sector has led banks to adopt ‘de-risking’ policies towards money remittance services in certain higher risk regions. This trend raises concerns, as de‐risking may ultimately lead to money remittance services being driven underground (i.e. informal service providers such as hawala services). Financial inclusion concerns also arise, as money remittance services play an important role for customers who have limited or no access to other regulated financial services. A decline in the number of correspondent banking relationships is a source of concern for developing countries where remittance flows are a key source of funds for households as it has a significant impact on Remittance service providers’ ability to access banking services 87 .

b) risk awareness

According to the competent authorities, risk awareness in the sector is high (due to the recent terrorist attacks). Law enforcement authorities notice that the bigger players are more often misused by terrorists than the smaller ones due to their bigger agent networks in different countries. While MVTS providers have put in place measures to identify their customers and verify their identities, an effective ongoing monitoring of transactions would require a better access to relevant information, often held by law enforcement authorities, that would help them identify terrorist financing risks before they materialise. Likewise, law enforcement authorities’ efforts to disrupt terrorist activities and networks can be hampered when they are unable to obtain information about finance flows that only firms can provide.

The majority of supervisors consider the overall risk profile of the sector as significant or very significant, and more than 50% of the firms in the sector are rated as a very significant risk. However, it is important to highlight that the entire sector is not submitted to the same level of risk and must be addressed on a case-by-case basis. In that regard, the FATF interpretive note to recommendation 10 (Customer Due Diligence) sets out examples of potentially higher-risk situations, including businesses that are cash intensive, or involving non-resident customers.

c) legal framework and checks

Registered and authorised MVTS providers are subject to AML/CFT requirements at EU level. Regulation (EU) 2015/847 specifies the duties of payment service providers regarding the information on the payer and the payee that must be attached to the fund transfers. It also requires payment service providers to put in place effective procedures to detect transfers of funds that lack this information, and to determine whether to execute, reject or suspend such transfers of funds. Its aim is to prevent the abuse of fund transfers for ML/TF purposes, to detect such abuse should it occur, and to allow relevant authorities promptly to access information on the payer and the payee associated with a particular transfer where necessary. The effectiveness of checks in place remains however until now rated as generally poor by supervisors. Firms in the sector, especially large firms, rely on their customer checks and alert systems to mitigate risks.

The efficiency of current systems to detect suspicious transactions linked to terrorist financing is not high, despite their being intensive in human resources. As with inherent risk, terrorist financing risk often emanates from individuals who are not covered by the sanctions regime. As a result, closer cooperation is needed between firms and law enforcement authorities so that they become more efficient at detecting customers linked to terrorist activities.

Conclusions: MVTS vulnerability to terrorist financing is high. This is because the features of transactions linked to terrorist financing are not easily detectable, despite human and technical resources put in place by firms. The effectiveness of checks depends on the sources of information used to check transactions and customers. Firms and law enforcement authorities need to improve exchange of information to enhance detection of suspicious transactions linked to terrorist financing. In light of this, the level of terrorist financing vulnerability related to MVTS is considered very significant (level 4).

Money laundering

The MVTS sector is made up of a very diverse range of actors, from independent business with limited outlet locations to large multinational corporations having on the contrary a big geographical scope and using a network of agents. Money laundering vulnerability related to money value transfers services cannot be assessed without considering that most important MVTS providers rely on agents. Therefore agents constitute the main factor for risk exposure for MVTS providers.

a) risk exposure

MVTS services allow for speedy transactions. They are more and more provided by companies ensuring a fully traceable and digital service -and this change was accelerated by the COVID 19 pandemics. They remain however, in a number of cases, cash-based and. Due to their specific features and in particular their reliance on agents, MVTS services can be provided in high-risk non-EU countries and may be used by high-risk customers meant to be subject to specific monitoring and checks. Therefore, the most prevalent risks in the MVTS sector are linked to their high speed, the consolidated volume they represent (although individual transactions are usually low), factors that can be worsen in cases where they involve cash-intensive services and transfers to high-risk jurisdictions.

Performing consistent customer due diligence can be problematic due to the nature of the customers, who usually make isolated transactions, and due to the risk that frontmen will be used to perform transactions (despite this being a more expensive method to launder money). However, inherent risk is higher when money remittance firms does not have robust monitoring systems to check retail agents’ networks, especially in firms with large retail agent’s networks.

The significant risk of money laundering and terrorist financing in the MVTS sector has led banks mainly to adopt ‘de-risking’ policies towards money remittance services in certain higher risk regions. This trend raises concerns, as de‐risking may ultimately lead to money remittance services being driven underground (i.e. to informal service providers such as hawala services). Financial concerns also arise, first for the developing countries that rely on the income and the important weight they represent in their gross domestic product, and as money remittance services play an important role for customers who have limited or no access to other regulated financial services.

b) risk awareness

Risk awareness can be considered high in the sector. Checks are in general effective when focused on customer risk; however, when it comes to the money laundering risk from rogue agents, checks are not so effective across the EU. In addition, in some countries de minimis thresholds are in place for triggering customer due diligence obligations, leading to possibly a too light oversight of agents in the context of a very competitive sector, pushing sometimes to a trade-off between profitability and compliance. Agents linked with money laundering activities are usually the most profitable ones. Hence, if firms are not able to detect a clear connection with such activities, they prefer to keep the agent in their networks but under surveillance (usually setting quantitative limits for their transactions), rather than report the agent to the financial intelligence unit and thus break the commercial relationship.

Supervisory awareness of such risks is high. In their risk assessments, some supervisors have cited the following risks associated with agent networks: inadequate agent governance, training and monitoring. In contrast, most supervisors perceive the sector’s risk awareness as poor or very poor.

Reporting of suspicious transactions to financial intelligence units is not always effective if firms report large amounts of isolated customer transactions instead of reporting agents or groups of agents performing those transactions.

c) legal framework and checks

Registered and authorised MVTS providers are subject to AML/CFT requirements at EU level. Regulation (EU) 2015/847 specifies which information on the payer and the payee must accompany the fund transfers. It also requires payment service providers to put in place effective procedures to detect transfers of funds that lack this information, and to determine whether to execute, reject or suspend such transfers of funds. Its aim is to prevent the abuse of fund transfers for ML/TF purposes, to detect such abuse should it occur, and to allow relevant authorities promptly to access information on the payer and the payee associated with a particular transfer where necessary. Because of the reliance on agents, supervision of the sector is very challenging. Firms rely more and more on new technologies and software to conduct robust customer due diligence and agent oversight, measures which should enhance their efficiency once they will be more generally used. MVTS providers need to develop trainings of their agents to make them perform proper customer due diligence while they should more efficiently ban rogue agents from their networks.

Currently, cross-border cooperation is not working properly and supervisors are not able to put in place appropriate checks and an appropriate sanctions regime. That being the case, one of the aims of the 4th and 5th AMLDs is to enhance cooperation between AML supervisors. In this light, setting up ‘AML colleges of supervisors’ when obliged entities operate in different jurisdictions can improve supervision across EU.

Conclusions: Inherent risk is high, but risk awareness among MVTS providers is growing. Supervisors and firms are addressing the money laundering risk, focusing their actions on areas of higher vulnerability such as oversight of agents. However, to reduce vulnerability some improvements are still needed, such as enhanced supervisory cooperation, and more effective customer due diligence and oversight of agents. In this context, the level of money laundering vulnerability related to MVTS is considered as significant (level 3).

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), and the level of vulnerability has also been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for money laundering is level 3, HIGH and for terrorist financing level 4, VERY HIGH.

Mitigating measures

For the competent authorities:

·Member States could envisage lowering or eliminating thresholds to occasional transactions, consider applying systematic customer due diligence to all transactions, so that MVTS firms can efficiently monitor and detect suspicious transactions and suspicious agents linked to money launderers.

·Set up and promote a system in which suspicious agents reported by MVTS firms are recorded in a database to which all firms in the sector have access. This would limit or eliminate the activity of suspicious agents.

·Competent authorities should conduct a number of on-site thematic inspections focusing on risks posed in agents. The scope of these thematic inspections should include checking that MVTS firms have a comprehensive agent oversight function including efficient monitoring systems, on-site reviews and training.

·Considering the cross-border nature of ML/TF, Member States should encourage relevant authorities in charge of preventing and combatting ML/TF to request support from Europol.

For the sector:

·Payment service providers must take measures to detect missing or incomplete information on the payer or the payee in a transfer of funds, and procedures in place to manage a transfer of funds lacking the required information.

For the European supervisory authorities:

·Encourage competent authorities to dedicate appropriate resources, proportionate to the level of risks, to MVTS inspections, focusing on oversight of agents.

For the European Commission:

·Promote cooperation between law enforcement authorities and financial institutions in order to improve effectiveness of terrorist financing alert systems at supranational level.

9. Illegal transfers of funds — Hawala

Product

Illegal/informal transfer of funds through hawala

General description

Hawala is a system of money transmission which arranges the transfer and receipt of funds or equivalent value. It is often reliant on ties within specific geographical regions or ethnic communities. These movements of value may be settled through trade or cash businesses engaged in remittance activities. They often operate in areas of expatriate communities. Hawaladars (those that operate hawala) often run parallel businesses, particularly currency exchange, travel agencies or telephone shops, or even work as agents of official money transfer providers. The term hawala is often used to describe a number of different informal value transfer systems which have similar properties and operate in similar ways, although they are not strictly hawala. Such fund transfers are considered as unregulated payment services under EU law, meaning that they are illegal within the EU. Informal systems of value transfer, like Hawala, can be used for legitimate purposes, like money remittances, but also for criminal ones.

In 2013, the Financial Action Task Force (FATF) came up with the wider term ‘Hawala and other similar service providers’ or ‘HOSSPs’ to describe this activity. HOSSPs are a subset of informal value transfer services; forms other than hawala include hundi, Chinese underground banking and black market peso exchange. Informal value transfer systems are concerned with the movement of value without the need for money to be physically or electronically moved.

The terminology of “Hawala” is less used currently in the investigative environment. Money laundering controller networks (MLCN) or international money laundering networks are the “successors” of the hawaladars.

Members of diaspora and migrant communities use these MLCN extensively to send legitimate remittances to their country of origin. At the same time, the implementation of stricter anti-money laundering regulations in mainstream financial institutions has also made informal value transfer systems, and MLCN increasingly attractive to organised crime groups, who frequently use them to transfer illegitimate remittances, i.e. transfer large amounts of criminal proceeds or to launder such criminal proceeds, providing layering and remittance services within and outside the EU.

Hawala payments are informal funds transfers that are made without the involvement of authorised financial institutions. In principle, the money does not physically move from the payer to the payee. Instead, as is also often the case in money remittances, this is done by offsetting balances between the hawaladar of the payer and the hawaladar of the payee. To illustrate this method, a hawaladar from country A (HA) receives funds in one value (cryptocurrency, gold, goods, etc.) from the payer and, in return, gives the payer a code for authentication purposes. He then instructs his country B correspondent (HB) to deliver an equivalent amount in the local currency to a designated beneficiary, who needs to disclose the code to receive the funds. After the remittance, HA has a liability to HB, and the settlement of their positions is made by various means, either financial or goods and services.

Normally, all operators providing payment services as defined in Annex I, point 6 of the second Payment Services Directive (PSD2) should be appropriately registered and regulated. Such providers should seek the status of authorised payment institutions.

Recent and significant law enforcement efforts have proved beyond doubt that the unregulated and clandestine nature of HOSSP informal remittance systems has made them the preferred choice of criminals in money laundering.

Although hawaladars must be registered and properly licensed under the Payment Services Directive, these payment service providers often choose to carry out such transfers irregularly, outside of the conventional banking system and without proper licensing. This means that they circumvent their anti-money laundering and tax obligations and avoid mandatory supervision under the anti-money laundering regulations. Often authorities lack the means to detect these networks and properly enforce the application of PSD2 and AML obligations to these providers.

Description of the risk scenario

Contrary to all other remittance systems, hawala is based on a network of key players (hawaladars) tied by trust due to specific geographical regions, families, tribes, ethnic communities, nationalities, commercial activity, etc. Hawaladars settle transactions between themselves over a long period of time by net settlement using banking channels, trade or cash. This means that contrary to all other remittance systems, funds are not transferred for each and every transaction. Instead, each day they use a local cash pool with money that was already in the system to pay the beneficiary. After a set period only the net amount is settled. Hawaladars aggregate months of funds received through individual remitters and then perform the settlement. It needs to be stressed that legitimate and licensed value transfer services also usually operate in this way.

Margins on even small international transfers may be as low as 1%, far less than banks’ charges. It is not only cheaper to use a hawala merchant than a bank, but quicker and easier too. Transfers can typically be picked up the same day. Customers do not need to prove their identity, or explain why the money is being sent. That is why it is essential in countries, where large parts of the population do not have identity documents.

The hawala network also uses some unique techniques:

·bilateral settlement: ‘reverse hawala’ between two hawaladars;

·multilateral settlement: ‘triangular’, ‘quadrangular’ or other arrangements between several hawaladars in the same network;

·value settlement through trade transactions, usually applying trade-based money laundering techniques (shipment of the equivalent value through trade transactions such as merchandise, paying a debt, or invoice of same value that they owe; over-invoicing or under-invoicing; double invoicing; black market peso exchange; transformation of the value into cryptocurrencies or gold; etc.);

·cash settlement via cross-border cash couriers, banking and money service business channels.

Specific hawala networks are created to serve exclusively criminal needs; these place and layer criminal money and pay the equivalent value on demand elsewhere in the world.

Such networks are known to use the techniques described above. In addition, to protect themselves, hawala networks use the following techniques:

·quick cash pick-ups;

·authentication via a token (a regular feature of criminal cash handovers is the use of the unique serial number on a banknote to act as a means of identification and a rudimentary receipt for the handover);

·placement via cuckoo smurfing (a form of money laundering linked to alternative remittance systems in which criminal funds are transferred through the accounts of unwitting persons who are expecting genuine funds or payments from overseas).

All these techniques are unique to the hawala system and are all known red flag indicators of hawala activities for EU law enforcement agencies.

Such criminal hawala networks also follow a particular structure composed of:

·controllers or money brokers — these make the deal with organised crime groups for the collection of dirty cash and for delivery of its value to a chosen destination;

·coordinators — these are intermediaries working for the controller and managing different collectors;

·collectors — these collect dirty cash from criminals and dispose of it;

·transmitters — these receive and dispatch the money obtained by the collector (usually a money service business operator).

The impact of COVID-19

COVID-19 has affected and still is affecting hawala negatively, having dried up cross-border trade and closed the small shops and businesses that do transfers. But the bigger hit has been to goods trade. With borders closed, importers did not need to move money around, or to borrow to cover liquidity gaps 88 .

In countries like Somalia, where telecoms operators are largely unregulated, hawaladars have started to work as mobile-money agents on the side and transactions around the country can be done instantaneously on phones. According to the World Bank, around three-quarters of Somalis use mobile money—mostly denominated in dollars—and it is more common than cash 89 .

On the other hand, LEAs inform that the post-lockdown time has been one of the busiest periods for the money launderers globally, as they saw a huge opportunity to pump unaccounted money into the market by financing small-time traders and people who were looking for funds to start a trade of their own 90 .

Threat 91

The scale of hawala in the EU is unknown. As a tool for comparison, the central bank of the UEMOA (West African Economic and Monetary Union) space of eight countries says that over $450 million is moved back and forth each year through this method 92 , with the actual figure possibly being at least twice or thrice the initial estimate. Estimations in South Asia refer to nearly $400 billion passing through the hawala networks every year 93 . Europol is also aware of several multi-million EUR on-going money laundering investigations focusing on criminal hawala 94 in Europe.

Hawala is known to be associated with certain businesses of certain ethnic communities (India, Afghanistan, Pakistan, Iran, United Arab Emirates, sub-Saharan Africa, Somalia and China) that are common in the EU. Examples of the kinds of business involved are travel agencies, pawn shops, mobile phone and SIM cards sales, top-up of mobile cards, grocery stores, import/export business, as well as various neighbourhood-type businesses such as nail salons, hairdressers, beauty salons, flower shops.

There are no direct money/value flows between sender and receiver that law enforcement agencies can track or trace. This makes tracing the money/value flow in a Hawala network virtually impossible 95 even if ledgers are seized — they are usually encrypted, and more and more often located on cloud servers located in non-cooperative jurisdictions. This opacity makes it attractive for perpetrators. LEAs have detected some overlap between official and informal value transfer systems, notably through “cuckoo smurfing”. On the other hand, hawaladars are able to launder large sums of cash for different proceeds of crime (drug trafficking, tax evasion, terrorist financing, etc.).

From Europol Financial Information Public Private Partnership (EFIPPP) typology information:

The use of Alternative Banking Platforms is identified in relation to match fixing/betting. EFIPPP also confirms the use of Hawala as one of the money laundering tools for money laundering controller networks. They use net settlement, i.e. no funds transferred for each and every transaction, using a cash pool to pay the beneficiary. They could be therefore described as the successors of the hawaladars (cash-in and cash-out). In relation to Trade-Based Money Laundering (TBML): Money/cash is not directly transferred but transformed into other value (cash, gold, goods, cryptocurrencies, etc.). By means of TBML, such as import/ export of goods and Informal Value Transfer Systems (IVTS), the network transfers funds or an equivalent value payable to a third party in another geographical location.

.

It has been reported that at least some individuals subject to sanctions against Russia (‘oligarchs’) may have anticipated sanctions even months before the war of aggression against Ukraine and moved their money through Hawala to escape them 96 .

Vulnerability

Such illegal fund transfers are considered as unregulated payment services under EU law, meaning that they are illegal within the EU. There is no specific vulnerability assessment for illegal services in the context of the supranational risk assessment report.

Mitigating measures

For Member States / competent authorities:

·Set up joint money laundering intelligence task forces. Ensure cooperation between the financial sector and government institutions on the exchange of intelligence to prevent money laundering (which may also extend to Hawala services). This cooperation may take place in the framework of national risk assessments, the organisation of conferences with private sector engagement, or FIUs informing the financial sector on emerging threats and the financial sector issuing suspicious transaction reports as a result.

·Carry out administrative inspections to verify that obliged entities, especially money remitters, have in place checks to detect hawaladars using registered agents as window dressing to attract customers in order to offer them hawala. The points where those networks are more vulnerable being:

oCash handovers.

oCash transportation.

oInternational transactions made by third parties.

oMoney Service Businesses, Exchange Houses and Hawaladars in the cash pool.

oOTC Crypto Brokers.

oTax and customs declarations.

·In the most affected countries, establish specialised investigation teams within the anti-money laundering or drugs units, as the work against criminal hawaladars often involves developing physical and technical surveillance on the suspects involved in cash movements related to drug traffics.

·Set up actions in airports and ports focusing on cash couriers.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

10. Payment services

Product

Payment services

Sector

Credit and financial sector

General description of the sector and related product/activity concerned

Payment services products

Payment services are regulated by the revised Payment Services Directive (‘PSD2’) 97 . They are listed in Annex I of PSD2 and cover a wide variety of services, including:

·services enabling cash to be placed on or withdrawn from a payment account (cash deposits are addressed in a separate section of this report);

·money remittance (also covered in another section of this report);

·execution of payment transactions such as credit transfers or direct debits;

·execution of payment transactions through payment cards or similar devices;

·issuance of payment instruments;

·payment transactions acquisition.

A ‘payment transaction’ is defined as an act initiated by the payer or on his behalf or by the payee, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and the payee.

PSD2 covers additional payment services, which have emerged during the past years in the wake of the digitalisation of services. These services are referred to as payment initiation services and account information services. The money laundering and terrorist financing risk of these operations is considered the most relevant in the context of this fiche. Other specific aspects are dealt with in other parts of the Supra-national risk assessment 98 .

Payment initiation services allow consumers to pay for their purchases by a credit transfer instead of a card payment. The payment initiation service provider can receive information whether there are sufficient funds on the consumer’s account balance to make the payment. It informs the merchant that the payment order has been successfully initiated. On this basis, the web merchant may decide to ship the goods or provide the service before the amount is booked on his account. PSD2 covers these new payments, addressing potential issues over confidentiality, liability and the security of such transactions.

Most of the PSD2 became applicable on 13 January 2018, some selected provisions on strong customer authentication (SCA) and access to payment accounts on 14 September 2019. PSD2 does not regulate all payments. Payments in cash or paper cheque payments are not covered. Payment transactions by a provider of electronic communication networks, under a certain value are also excluded from the scope of the Directive.

In 2021, the Commission consulted stakeholders on remaining obstacles as well as possible enabling actions that could be taken to ensure a wide availability and use of instant payments in the EU. Instant payment represent an innovation opportunity but will also raise new challenges that will be carefully considered to ensure that the money laundering and terrorism financing risks are mitigated appropriately.

The total value of payment transactions in the EU involving non-monetary financial institutions reached EUR 195,1 trillion 99 in 2019. The large majority of payments was done electronically. The total number of payment transactions in the euro area increased by 8.1% to 98.0 billion in 2019 compared with the previous year, with a total value of EUR 162.1 trillion 100 . Card payments accounted for 48% of the total number of non-cash payments in the euro area 101 .

The number of cards in the euro area with a payment function increased in 2020 by 6.5% to 609.3 million. With a total euro area population of 343 million, this represented around 1.8 payment cards per euro area inhabitant 102 .

SEPA

The Single Euro Payments Area (SEPA) aims to harmonise and integrate payment markets across Europe, with one set of euro payment instruments: credit transfers, direct debits and payment cards, common standards and practices, and a harmonised legal basis.

SEPA covers around 465 million people in the 27 EU Member States and other non-EU countries (United Kingdom, Iceland, Norway, Liechtenstein, Switzerland, Monaco, San Marino, Andorra and Vatican City State/Holy See) 103 .

Retail payment systems

Retail payment systems in the EU are payments made by the public, with a relatively low value, a high volume and limited time-criticality. In 2019, around 44 retail payment systems existed in the EU as a whole 104 and almost 45 billion transactions were processed by retail payment systems in the euro area worth EUR 35.0 trillion 105 .

Large-value payment systems

Large-value payment systems are designed primarily to process urgent or large-value interbank payments, but some of them also settle a large number of retail payments.

In 2019, there were 9 active large value payment systems 106 in the EU. The two main large-value payment systems in the euro area (TARGET2 and EURO1/STEP1) settled 141,5 million transactions amounting to EUR 497 trillion in 2019 107 .

Payment service providers

Banks are players in national and international payment systems. Some 120 billion cashless payments were made by non-bank payment service providers (the nonfinancial sector and non-monetary financial institutions 108 ) in 2019 at EU-27 level 109 . More than half (62 billion) of those were card payments, while credit transfers or direct debits represented respectively 30 billion and 22 billion payments 110 .

Within the EU, not only credit institutions are allowed to provide payment services.

These can also be provided by payment institutions, e-money institutions, post giro institutions and regional or local authorities where they do not act as public authorities. Payment institutions emerged with the adoption of the Payment Service Directive. These companies can provide payment services and engage in other business activities; they are not allowed to take deposits or issue e-money. Under PSD2, new categories of payment service providers were introduced: payment initiation service providers and account information service providers. These actors can provide exclusively the services of payment initiation and account information respectively.

Even though the introduction of payment institutions has increased competition in the payments market, the majority of provided payment service are still performed by credit institutions.

As for the other players, EU-wide there were 111 :

·682 authorised payment institutions;

·1640 exempted payment institutions according to article 32 of PSD2;

·239 e-money institutions and

·1331 Service providers excluded from the scope of PSD2′ under points (i) and (ii) of point (k) and point (l) of Article 3 of PSD2 .

The distribution of payment institutions (authorised payment institutions and small payment institutions) is distributed among countries in the EEA. The biggest countries account for the largest numbers of payment service providers: Germany (11%), Netherlands (10%), France (9%), Spain (8%), and Sweden (7%), Italy (6%), account for 51% of all authorised payment institutions in the EEA. As for the exempted payment institutions, it is worth noticing that 85% were registered in Poland 112

More general data on the number of financial institutions providing payment services in the EU can be found in the central registers of the EBA.

Description of the risk scenario

Perpetrators are using the banking and financial system to channel their funds through bank accounts, credit transfers and direct debits, peer-to-peer transfers made with a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics.

Effects of the Covid-19 pandemic: Misuse public funds

Criminal actors use a variety of techniques to exploit vulnerabilities in processes relating to the application and distribution of public funds. However, a common approach is the rapid movement of funds out of the jurisdiction by quickly withdrawing the funds in cash once government agencies transfer the financial aid.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to payment services shows that account-based transactions are used by terrorists to store and transfer funds and to pay for the services or products needed to carry out their operations, in particular when processed through the internet. According to research on the financing of European jihadist terrorist cells, the formal banking system is one of the six methods most commonly used by terrorist groups. The majority of terrorist cells located in Europe have derived some income from legal sources — usually received through the formal banking system — and use bank accounts and credit cards both for their everyday economic activities and for attack-related expenses. Due to the account-based elements, terrorist groups‘ intent to rely on this risk scenario is more limited. However, their capability to use it is quite high.

Most payment services allow cross-border transactions that may rely on different mechanisms of identification (depending on national legislation) that may lead terrorists to use a false identity. This means that law enforcement authorities cannot track the originator or beneficiary of the transaction in such cases. The misuse of payment services requires specific skills but, according to law enforcement authorities, these skills are commonly widespread within terrorist groups and do not constitute an obstacle (mobile/internet payments are quite easy). The individual average amounts of the payments concerned appear to remain, nevertheless, quite limited,.

Conclusions: terrorist groups are making use of payment services to finance terrorist activities. They rely on IT skills to circumvent identification requirements and do not need specific knowledge to access this channel, which is rather attractive and secure. While the overall amount they represent may be significant, the individual average amounts of the payments concerned remain nevertheless quite limited. In this context, the level of terrorist financing threat related to payment services is considered as significant (level 3).

Money laundering

The assessment of the money laundering threat related to payment services is considered as presenting similarities with the use of funds deposited on account: a customer might not be submitted to customer due diligence checks, if the payment or transfer of funds is below the threshold triggering compulsory checks and does not raise particular suspicion of money laundering or terrorist financing. This risk scenario concerns both the moments of placing and withdrawing of funds (i.e. deposits on account and use of this account). It is frequently used by criminals, but also by relatives/close associates, which extends the scope of the intent and capability analysis 113 . It requires some planning and knowledge of how the banking systems work.

According to law enforcement authorities, payment services providers (PSPs) can be used for criminal purpose, notably by money mules. For example, a PSP has been investigated by several EU Member States. The PSP registered in one EU Member State also registered as an e-money issuer in another jurisdiction and thus obtained a passporting licence. The PSP was approached by a criminal structure claiming to conduct online trade. The PSP supplied the client with point of sale terminals. The terminals were taken out of Europe and used in black peso market exchange ‘swipe out’ operations. The information collected in the investigations demonstrated that the PSP did not perform any monitoring of the client, which would have resulted in identification of the risk because the declared small online business led to the accumulation of several million euro in a limited amount of time. Nor were the point of sale terminals monitored, as they were physically not present in the EU for when the order was placed. The same PSP was also approached by another criminal structure in another EU Member State. The criminal structure controlled front tourist businesses used to make cash deposits of cocaine proceeds. These businesses became clients of the PSP and requested to be issued with payment cards (as the PSP is a Visa and Mastercard card issuer). The cards were taken out of Europe and cash was withdrawn in Colombia.

In addition, the Europol Financial Intelligence Public Private Partnership (EFIPPP) identifies multiple ways of criminal use of payment services:

·Use of credit cards, e-money and payment institutions as financial products/institutions in relation to corruption and bribery.

·A transactional indicator of ransomware payments is the payment to a crypto exchange platform or foreign-located Money Service Business (MSB) – such as Western Union, MoneyGram – in a high-risk jurisdiction lacking, or known to have inadequate, AML/CFT regulations for crypto exchange platform entities.

·Ransomware criminals ask their victims to pay a ransom through online payment method, typically cryptocurrency, to regain control of their data. Hackers typically demand ransoms in cryptocurrency.

A victim indicator for investment fraud: Increasing online presence and use of online payment services of potential victims, especially among vulnerable segments of the population, such as the elderly or those on lower incomes.

Example of a company involved in the illegal sale of football tickets and money laundering, using Third Party Providers: Company A was incorporated in Spain. It was reselling and touting football tickets in the UK, which is illegal in the UK and thus a predicate offence for money laundering. Company A has an account in Bank X located in Spain. Company A worked together with a Third Party Payment Processor (TPPP) registered in Germany which maintains business account in Bank Y in UK. TPPP’s task is to support merchants like Company A at the point of sale regarding payment processes and sales channels. Following many requests for ticket refunds due to COVID-19 pandemic, Company A transferred 175,000 pounds to the TPPP’s account in Bank Y to remedy its negative account balance. The funds are transferred to another UK banks which then distributed the refunded amounts to the ticket holders.

Conclusions: organised crime groups use this method rather frequently as it is easily accessible, despite requiring some knowledge and planning capabilities to hide the origin of funds. The key emerging risks identified by National Competent Authorities include the cash-intensive nature of the services offered, the prevalence of occasional transactions rather than established business relationships, the involvement of high-risk jurisdictions payment institutions, the large volume and high speed of transactions, the use of new technologies to facilitate the onboarding of customers remotely and the distribution channels used. In this context, the level of the money laundering threat related to payment services is considered as significant (level 3).

Vulnerability

Terrorist financing

When assessing the terrorist financing vulnerability related to payment services, one must take into account their cash-intensive nature, the prevalence of occasional transactions on established business relationships, the large volume and high speed of transactions, the possible involvement of high-risk jurisdictions in which PIs operate, the use of new technologies to facilitate the onboarding of customers remotely and the distribution channel used.

a) risk exposure

The risk exposure is inherently high due to the characteristics of payment services, as they involve very significant volumes of products and services. Although payments are generally not anonymous (when they are linked to an identified account), they may interact with very significant volumes of higher risk customers or countries, including cross- border movements of funds. They also interact with new payment methods (mobile/internet), which may increase the level of risk exposure because they imply a non-face-to-face business relationship.

b) risk awareness

While the sector has put in place guidance to detect the relevant red flags on terrorist financing, the risk awareness remains perfectible. While Competent authorities noted a good level of reporting, and an improvement in the level of controls in place in the sector, a large proportion of these controls are still rated as poor or very poor. Despite a significant risk profile and although almost all Competent authorities indicated they carried out some supervisory activity during the period under review, the EBA notes that the sector, in view of its risk profile, saw a relatively low level of supervisory activity 114 . Competent authorities are well aware of the vulnerabilities of the sector and are proactively engaged with it.

c) legal framework and checks

Payment services are included in the AML/CFT legal framework at EU level. This framework has been in place for many years and checks are considered overall not to be yet fully efficient. As far as the legal framework is concerned, it covers equally credit institutions and other payment service providers, such as payment institutions and e-money institutions. Similar to deposits on accounts, checks in place are generally considered as efficient, however, sanctions screening is not a substitute for effective counter-terrorist financing checks. Financial sanctions target individuals or groups that are already known to pose a threat, whereas terrorist financing risk often emanates from individuals who are not caught by the sanctions regime. This is why risk‐based AML/CFT checks, and transaction monitoring in particular, are key to an effective fight against terrorist financing.

Usually, credit and payment institutions do not have access to relevant intelligence, often held by law enforcement authorities, that would help them to better identify and prevent terrorist financing risks before they materialise. Likewise, law enforcement authorities efforts to disrupt terrorist activities and networks can be hampered when they are unable to obtain information about finance flows that only firms can provide. There are now initiatives at the national and supranational level designed to test how law enforcement agencies can provide firms with more specific and meaningful information on specific persons of interest, allowing firms to focus their transaction monitoring on these persons.

Conclusions: The risk exposure may be considered quite high (significant level of transactions). While the level of controls in place in this sector has progressed, a large proportion of these controls are still rated as poor or very poor and the level of awareness of the risk vulnerability must improve. The legal framework and checks are the basis of a good level of reporting. The sector has a relatively low level of supervisory activity and there is also high residual risk due to the reliance on the current counter-terrorist financing checks based on sanctions screening. In this context, the level of terrorist financing vulnerability related to payment services is considered as significant (level 3).

Money laundering

When assessing the money laundering vulnerability related to retail payment services, one must take into account their cash-intensive nature, the prevalence of occasional transactions on established business relationships, the large volume and high speed of transactions, the possible involvement of high-risk jurisdictions in which PIs operate, the use of new technologies to facilitate the onboarding of customers remotely and the distribution channel used.

a) risk exposure

Risk exposure is inherently high due to the characteristics of payment services, which involve very significant volumes of funds, and are associated with a broad diversity of customers and jurisdictions, including high risk ones. Although payments are generally not anonymous (when they are linked to an identified account), they are often not monitored (notably if they are under the amount requiring systematic customer due diligence measures for occasional transactions and take place outside of a business relationship framework) and may entail contact with higher risk customers or countries, especially where cross-border movements of funds are involved. Payment institutions often use agents to process payments, which significantly increases the risk due to the risk that these agents may collude with criminals 115 . They also make use of new payment methods, which may also increase the level of risk exposure because they imply, a non-face-to-face business relationship.

b) risk awareness

Competent authorities have noted discrepancies between banking and payment institutions, the latter being less aware of money laundering risks. Most competent authorities viewed the overall risk profile of payment institutions as either significant or very significant; this was especially the view of the authorities supervising the highest numbers of payment institutions. The potential misuse of new technologies such as mobile payments to facilitate peer‐to‐peer money transfers was commonly considered as an emerging risk by competent authorities (see the section on crypto-assets/virtual currencies). There is currently insufficient monitoring both when a payment account is opened (entry point) and when the transaction is processed.

c) legal framework and checks

Payment services are included in the AML/CFT legal framework at EU level. As far as the legal framework is concerned, it covers equally bank and payment institutions. The reliance on account-based transactions implies that the legal framework applies commonly to the banking sector and to the payments institutions sector. This framework has been in place for many years and checks are considered overall as efficient. Payment institutions rely on bank controls to mitigate their inherent money laundering risk, but some alert systems in banks are not robust enough to detect suspicious cash transactions transferred by payment institutions afterwards.

Conclusions: The sector’s risk exposure remains high and risk awareness has not yet brought sufficient efficiency in monitoring the payment services. As far as the legal framework is concerned, it covers equally bank and payment institutions. However, the checks in place are less efficient when dealing with payment institutions. In this context, the level of money laundering vulnerability related to payment services is considered as significant (level 3).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (level 3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (level 3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, terrorist financing and money laundering is HIGH.

Mitigating measures

For the Commission:

·clarify and set up a common framework for electronic identification and customer due diligence;

·identify risks associated with Fin-Tech and set up standards to mitigate those risks;

·promote cooperation between law enforcement agencies and financial institutions in order to improve effectiveness of terrorist financing alert systems at supranational level;

·submit exchange of crypto-asset to funds and of funds to crypto-assets activities to AML/CFT obligations;

·consider possible lowering of the thresholds triggering compulsory customer due diligences for occasional transactions involving funds.

For Member States / competent authorities:

·Member States should ensure that supervisors conduct regularly on-site thematic inspections focusing on risk assessments of payment services providers, and ensure that their alert systems are effective.

·In addition, competent authorities should continue to raise risk awareness and risk indicators relating to terrorist financing with payment service providers (PSP), via close Public Private Partnership cooperation.

·Member States could envisage lowering or eliminating thresholds for occasional transactions, applying customer due diligence to all transactions so that payment institutions efficiently monitor and detect suspicious transactions.

·Considering the cross-border nature of ML/TF, Member States should seek international cooperation encourage relevant authorities in charge of preventing and combatting ML/TF to request support from agencies such as Europol.

11. Crypto assets

and

Virtual currencies

Product

Crypto-assets, including so-called virtual currencies

Sector

Crypto-assets issuers and service providers

Description of the risk scenario

According to its opinion on ML/TF risks released in March 2021 116 , the EBA notes that compared to its previous Opinion issued in 2019, risks arising from crypto-assets appear to have increased further. They attribute this to the growth of the crypto-asset market, in terms of both the number of transactions processed and customers, the increased range of products and services and their often-unregulated nature o and associated lack of customer due diligence measures 117 , and a compliance immaturity and overall limited overall understanding of ML/TF risks in the sector. The main factors contributing to the increased exposure to the ML/TF risks is said to be the limited transparency of crypto-assets transactions and the identities of the individuals involved in these transactions. We note, however, that crypto-assets transactions conducted on public distributed ledgers leave immutable traces and are there for everyone to see. Persons engaging in ML/TF via such crypto asset transactions expose themselves to public scrutiny of their transactions 118 .

Custodian wallet providers and providers engaged in exchange services between virtual and fiat currencies are now within the scope of the AML/CFT legal framework by defining them as obliged entities in the AMLD. The related provisions apply and should now have been transposed by all Member States in January 2020. However, not all MS have transposed these provisions yet 119 . The European Commission’s proposal for a Regulation on Markets in Crypto-assets 120 (MiCA) published in September 2020 will have, when adopted, the effect of expanding the EU financial services regulatory perimeter to a wide range of crypto-asset activities. With the EU’s proposals released in July 2021 to strengthen the EU’s AML/CFT framework, AML rules will be extended to all crypto-asset service providers covered by MiCA. This will also align EU AML/CFT rules with the latest international standards and guidance from the FATF.

However, a particular attention will still have to be given on how to best address possible emerging threats having a link with the crypto-assets and their industry but not fitting fully with existing legal framework in that field. This is in particular the case of non-fungible tokens (NFTs), assets representing a unique token that acts as a non-duplicable digital certificate of ownership for a specific digital asset, and which legal qualification may differ from a jurisdiction to another. First analysis by regulators suggest that NFTs should not always be considered as crypto-assets 121 , especially if they are not used as payment or instruments for investment. Exposure to ML risks arise due to the limited application of customer due diligence checks on many of the major NFT sales platforms and the fact that many services seem now created for the express purpose of obfuscating the origin and destination of funds through NFTs. It is possible for criminals to set up an account, list a number of NFTs and then purchase said NFTs from themselves for an inflated price. The current popularity experienced by NFTs, and subsequent high prices, further complicate the process of identifying which transactions are wash trading and which are legitimate purchases. There are, meaning that the proceeds from malicious sales can be hidden with relative ease.

Another key concern also arise from crypto-assets exchange, lending or transfer services, activities normally offered by regulated crypto-assets services providers but made through decentralized or distributed application, often run on a decentralized ledger, with no legal or natural person with control or influence over it, often referred to as ‘decentralised finance’ (DeFi) 122 . There seems to be a broadly shared consensus among jurisdictions that DeFi applications should not be considered crypto-assets services providers if there is no identified body that can be held liable for their use.

This makes DeFi’s exposure to risk of ML/TF rather high, as DeFi applications can be used to avoid existing AML/CFT legislation and the “travel rule” obligations as set out by the FATF 123 . However, in case a person or a managing body can be identified, despite its qualification, the DeFi application shall be treated as a crypto-assets services provider and fall under the same AML/CFT obligations. Therefore, much like with NFTs, DEFIs may be subjected to the application of the relevant rules covering crypto-assets on a case-by-case basis but keep posing regulatory challenges that are not yet fully addressed and could conduct to take additional measures to better tackle them in the future.

Threat

Crypto-assets related activity represents a growing money laundering/terrorist financing threat. Financial intelligence units (FIUs) across the FATF global network have seen a rise in the number of suspicious transaction reports that relate to crypto-assets. Several law enforcement authorities indicated that ML/TF risks from crypto-assets have increased further since 2019 124 , linked to the growth of the crypto-asset market, in terms of transactions processed and number of firms’ clients that use crypto-assets or are crypto-assets service providers. Law enforcement authorities identify the limited transparency of transactions and identities of end-customers involved in crypto-asset activities as the most significant risk factor that may facilitate illegal activities such as fraud, trading of illicit goods/services and terrorist financing.

Europol regards Bitcoin as the crypto-assets of choice for the majority of criminals, but anticipates a more pronounced shift towards anonymity-enhanced crypto-assets, which offer greater anonymity and capacity to obfuscate transactions. Some of such anonymity enhanced crypto-assets are, however, harder to acquire and transact than Bitcoin.

Exchangers can offer crypto-assets to crypto-assets transactions that obfuscate the transaction trail and decentralised mixers have also been used.

A particular set of challenges arises from crypto-assets services provided by criminals or non-compliant entities:

·individuals buy/sell large volumes of crypto-assets for any asset peer-to-peer (no intermediation) without involvement of registered crypto-asset service providers subject to AML/TF requirements; and

·payment services providers offering crypto cards 125 were initially offered only for Bitcoin, but there has been a shift towards support of multiple crypto-assets. They often register in jurisdictions with ‘favourable’ regulatory arrangements that do not facilitate their monitoring.

Law enforcement agencies also face particular challenges in collecting information when crypto-assets services are offered in a country other than that in which the originator / beneficiary are located (which itself may be anywhere in the world).

Europol Financial Intelligence Public Private Partnership (EFIPPP) information from typologies

Match-fixing/betting: Virtual assets are used to open betting accounts online.

Corruption and bribery: Virtual assets transactions are financial products used in relation to corruption and bribery, and Virtual Assets Service Providers are used.

Ransomware and cryptocurrencies.

ML and cryptocurrency.

ML Controller Networks (MLCNs): the services of MLCNs include cash out (cash is collected in a jurisdiction and cash is delivered in any other jurisdiction), cash swap (cash is collected in a currency and paid out in another currency, including cryptocurrency) and account payment (the broker collects the cash and makes a payment on behalf of the client through a compensation scheme to balance and move value).

A technique used is Trade Based ML (TBML). Money/cash is not directly transferred but transformed into other value (cash, gold, goods, cryptocurrencies, etc.). By means of TBML, such as import/ export of goods and Informal Value Transfer Systems (IVTS), the network transfers funds or an equivalent value payable to a third party in another geographical location.

EFIPPP information from typologies:

Typology observed where child sexual exploitation (CSE) sites offer member subscription by paying in cryptocurrencies / virtual assets (usually in Bitcoins).

The CSE site will provide several addresses to pay a small amount in cryptocurrencies / virtual assets. These addresses can be traced to a main pooling address where the suspect(s) gather their funds. This trail can potentially be followed to a regulated crypto/virtual asset exchanger and the suspect thus identified.

Furthermore, it is possible to trace the payments to these clusters back to an exchange, identify buyers and discover additional links. Since the Blockchain record is permanent it is possible to continuously over time gather more evidence and find more subjects related to the purchase and distribution of CSE.

Investment fraud:

·Scammers take advantage of the recent decline in asset prices to sell fraudulent investments in gold, silver and other commodities labelled as a safe haven as well as low value stocks or high risk financial products such as derivative instruments and cryptocurrencies.

·Buy low, sell high schemes targeting commodities and real estate, cryptocurrencies or complex derivative products.

·A victim indicator is payments related to cryptocurrencies, derivative instruments (gold, shares, indexes and forex) and shares issued by companies with low capitalization (aka Microcap / “penny stocks”) trading in the over-the-counter securities market.

·Transfers to cryptocurrency exchanges or to accounts in high risk jurisdictions.

·Very few or same bitcoin/crypto currency addresses used to collect payments from multiple victims.

Misuse of Public Funds:

·There is a range of different profiles of criminal actors who exploit the weaknesses of the system to accept, assess and process fiscal stimulus measures. A common feature of the fraudsters is that they have proficient IT skills to create sophisticated fake websites, to execute phishing attacks, to browse the Darkweb and deal with different anonymous cryptocurrencies.

·Transfers to cryptocurrency exchanges

Non-delivery scam: The merchant requests payments that are unusual for the type of transaction in question or unusual for the industry’s pattern of behaviour. For example, instead of a credit card payment, the merchant requires a pre-paid card, the use of a money services business, convertible virtual currency, or that the buyer send funds via an electronic funds transfer to a high-risk jurisdiction

Counterfeit goods: Unusual payment methods, e.g. pre-paid cards, virtual assets, or via money services

Counterfeit goods: Financial products being used are a) E-Money and payment accounts (incl. virtual IBANs), b) Credit cards, c) Bank accounts (incl. virtual IBANs), d) Virtual assets. VASPs are among the financial institutions used.

Illegal trade: related to illegal wildlife trade, an indicator is deposits from money service businesses or crypto-currency exchanges.

Terrorist financing

Crypto-assets generally involve non-face-to-face customer relationships and may allow for anonymous – and not yet always traceable – funding or purchases (cash funding or third-party funding through virtual exchanges in which the funding source is not properly identified). They may also allow for anonymous transfers, if the sender and the recipient are not properly identified. The assessment shows that terrorist groups may have an interest in using crypto-assets to finance terrorist activities. A limited, but growing number of cases related to crypto-assets have been reported 126 . The Egmont Group of FIUs has detected cases of terrorist groups using crypto-assets and groups are known to have given instructions on the internet (including via Twitter) on how to use crypto-assets.

Conclusions: Law enforcement agencies have information according to which terrorist groups may be using virtual currencies to finance terrorist activities. The global reach, the speed at which transactions can be carried out and the possible anonymity offered by their transfer, make crypto-assets particularly attractive for criminals seeking to carry out illicit transfers across jurisdictions and to operate beyond national borders.

Consequently, the terrorist financing threat related to virtual currencies is considered very significant (level 4).

Money laundering

Crypto-assets carry a significant ML/TF risk, due to the ease of transferring crypto-assets to different countries as well as the absence of homogeneous controls and prevention measures implemented at the global level, due to some delay by several jurisdictions in implementing FATF standards on virtual assets. Perpetrators use crypto-assets systems to transfer value or purchase goods anonymously (cash funding or third-party funding through virtual exchanges). The assessment of the money laundering threat related to crypto-assets shows that organised crime organisations may use them to access ‘clean cash’ (paying in and paying out). Not only cybercriminals use crypto-assets – other organised crime groups such as drug traffickers use them to move and launder the proceeds of crime. Crypto-assets allow such groups to access cash anonymously and hide the transaction trail. Criminals may acquire private keys for e-wallets or withdraw cash from cashpoint machines.

Conclusions: investigations show that criminal organisations’ (not only cybercriminals’) use virtual currencies and virtual assets. Consequently, the level of money laundering threat related to virtual currencies is considered very significant (level 4).

Vulnerability

Terrorist financing

In assessing the terrorist financing vulnerability related to crypto-assets providers, we must bear in mind that, while the EU started to regulate the provision of services involving crypto-assets in 2018 and is implementing further changes (the proposals for MiCA and the new AML/CFT package), the risks of crypto-assets being misused to finance terrorism are only just emerging.

a) risk exposure

When used anonymously, crypto-assets make it possible to conduct transactions speedily without having to disclose the identity of the ‘owner’. They are provided through the internet and the cross-border element is the most obvious risk factor, as it allows for interaction with high-risk areas or high-risk customers that cannot be easily identified, even if the transactions leave digital footprints that can be analysed. The implementation of FATF standards on virtual assets require crypto-assets service providers to register in the place of legal creation or incorporation (legal persons) or in the jurisdiction in which the place of business is located (natural persons) and to comply with AML/TF requirements, notably information duties on the originators and beneficiaries of crypto-assets transfers. This will reduce the scope for anonymous transactions with crypto-assets through crypto asset service providers.

b) risk awareness

This component of terrorist financing vulnerability is difficult to assess in a comprehensive manner but competent authorities and financial intelligence units have noted in their contacts with the crypto-assets services providers sector that the level of awareness of terrorist financing risk is still rather low, although the sector is calling for the adoption of an appropriate AML/CFT legal framework.

Crypto-assets are among the emerging risks in almost all sectors, due to:

·a lack of knowledge and understanding, which prevents firms and competent authorities from carrying out a proper impact assessment;

·gaps or ambiguities in the application of existing regulation;

·potential exposure of financial and credit institutions to increased risks of money laundering and terrorist financing related to crypto-assets where they act as intermediaries or exchange platforms between crypto-assets and fiat currencies (in the absence of a proper risk assessment); and

The sector is not yet well structured and the policies to increase the level of awareness were until recently rather limited.

c) legal framework and checks

AMLD5 introduced a first EU definition of virtual currencies and extended anti-money laundering obligations to ‘providers engaged in exchange services between virtual currencies and fiat currencies’ and custodian wallet providers. In addition to ordinary customer due diligence, Member States must ensure that these new obliged entities are registered. They must also require competent authorities to ensure that only fit and proper persons hold management functions in these entities or are their beneficial owners. While related provisions should have been transposed by all Member States in January 2020, it is not fully the case yet 127 .

The European Commission’s proposal for a Regulation on Markets in Crypto-assets 128 (MiCA) published in September 2020 will have, when adopted, the effect of expanding the EU regulatory perimeter to a wide range of crypto-asset activities. The publication of the EU’s proposals to strengthen the EU’s AML/CFT framework in July 2021, include a proposal to align the scope of the AMLD with the activities covered by MiCA and to introduce an obligation for all crypto-assets services providers involved in crypto-assets transfers to collect and make accessible data concerning the originators and beneficiaries of the transfers of virtual or crypto assets they operate (the “travel rule” of the FATF). These proposals also imply to ban the possibility to use or open an anonymous crypto-assets account and to broaden to crypto-assets services providers the possibility to appoint contact points in Member States where they are active via freedom to provide services (as it is currently the case for Electronic money issuers and payment service providers).

These new rules, if adopted, will significantly enhance the monitoring of crypto-assets service providers, and ensure compliance with the relevant measures called for in the FATF Recommendations.

Conclusions: The most significant factor of vulnerability for virtual currency and virtual asset providers is the fact that they may not be fully regulated in the EU. Once implemented, AMLD5 has significantly improved the monitoring of the virtual assets industry by making wallet providers and providers of exchange services between virtual currencies and fiat currencies obliged entities, ensuring that they are registered and that only fit and proper persons hold management functions or are beneficial owners. This framework still has to be supplemented with the legislative proposals of the EC to regulate the crypto-assets industry and its professionals stakeholder, in line with international standards. The inherent risk exposure remains high due to the characteristics of virtual assets and virtual currencies (internet-based, cross-border and anonymous). Nevertheless, the sector is getting more organised and has recently received a very comprehensive guidance and information on how to implement AML/CFT requirements 129 .

Still, the level of terrorist financing vulnerability related to virtual currencies is considered very significant (level 4).

Money laundering

Crypto-assets are partially regulated in the EU and there is growing evidence of crypto-assets being misused for money laundering as well as a means of payment for prohibited goods such as drugs.

a) risk exposure

As mentioned above, when used anonymously, crypto-assets make it possible to conduct transactions speedily and without having to disclose the identity of the ‘owner’. They are provided through the internet and the cross-border element is the most obvious risk factor, as it enables interaction with high-risk areas or high-risk customers (darknet 130 ) that cannot be identified. At the stage of the conversion, the use of cash also becomes a new element of vulnerability. The AMLD5 rules address this risks for ‘providers engaged in exchange services between virtual currencies and fiat currencies’. However, several types of crypto-assets activities still fall today outside of the scope of Union legislation on financial services and the information obligations linked to transfers of virtual assets are not yet fully in place at EU level.

b) risk awareness

Crypto-assets rely on, in part, still recent technology but the level of risk awareness in the sector has significantly improved recently. The FATF international standards and their progressive implementation at EU level are responding to the need expressed by the sector for a clearer and more structured legal framework in which crypto-assets activities are subject to AML/CFT requirements.

Some specific risks are however linked to the absence of awareness of new high-value crypto-assets (such as some Non Fungible Tokens which can be considered as works of art). Another risk is linked to the possible control of some crypto-assets service providers by criminal organisation (either taken over by organised crime groups, or because the Virtual Asset Service Provider was created by an OCG).

c) legal framework and checks

Directive (EU) 2018/843 131 was the first legal instrument to address the risks of money laundering and terrorist financing posed by crypto-assets in the Union. It extended the scope of the AML/CFT framework to two types of crypto-assets services providers: providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers. Due to rapid technological developments and the advancement in FATF standards, it was then deemed necessary to review this approach.

The European Commission’s proposal for a Regulation on Markets in Crypto-assets (MiCA) published in September 2020 will have, once adopted, the effect of expanding the EU regulatory perimeter to a wide range of crypto-asset activities. Further action is expected in 2021 with the publication of the EU’s proposals to strengthen the EU’s AML/CFT framework, including a proposal to align the scope of the AMLD with the activities covered by MiCA.

A first step to complete and update the Union legal framework will be achieved with the adoption of the MiCA Regulation 132 , which set requirements for issuers of crypto-assets in the Union and crypto-asset service providers wishing to apply for an authorisation to provide their services in the single market. It also introduced a definition of crypto-assets and crypto-assets services providers encompassing a broad range of activities that corresponds to the FATF standards requirements and go even beyond:

·the custody and administration of crypto-assets on behalf of third parties;

·the operation of a trading platform for crypto-assets;

·the exchange of crypto-assets for funds;

·the exchange of crypto-assets for other crypto-assets;

·the execution of orders for crypto-assets on behalf of third parties;

·the placing of crypto-assets;

·the reception and transmission of orders for crypto-assets on behalf of third parties

·providing advice on crypto-assets;

·providing portfolio management on crypto-assets.

The MiCA regulation also introduce requirements for these services providers to be licensed and submit their senior management to fit and proper tests.

The Commission proposals of July 2021 to strengthen the EU’s AML/CFT framework will allow to cover a greater scope of crypto-assets activities, by aligning the scope of the AMLD with all crypto-asset service providers covered by MICA in line with the FATF standards requirements. These proposals shall introduce an obligation for all crypto-assets services providers involved in crypto-assets transfers to collect and make accessible data concerning the originators and beneficiaries of the transfers of virtual or crypto assets they operate (thus applying the so-called “travel rule” contained in FATF Recommendation 15 on VASPs). They may also end the possibility to use or open an anonymous crypto-assets account and to broaden the possibility for Member States to require that crypto-assets services providers established on their with a head office situated in another Member State to appoint a central contact point (as it is currently already the case the case for Electronic money issuers and payment service providers).

These new rules, if adopted, will significantly enhance the monitoring of crypto-assets service providers, and ensure compliance with the relevant measures called for in the FATF Recommendations.

Conclusions: AMLD rules have significantly enhanced the monitoring of risks linked to virtual asset service providers, but it remains partially implemented and does not cover yet all virtual asset service providers. The EC AML legislative proposals released in 2021 will lead to strengthen the EU’s AML/CFT framework, including a proposal to align the scope of the AMLD with the activities covered by MiCA. Meanwhile, the inherent risk exposure should continue to be regarded as high, due to the characteristics of crypto-assets and virtual currencies (internet-based, cross-border and anonymous). Therefore, the level of money laundering vulnerability related to crypto-assets and virtual currencies is considered very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both money laundering and terrorist financing is level 4, VERY HIGH.

Mitigating measures

For the competent authorities:

·Europol should consider

ousing blockchain analysis tools in order to analyse addresses and transactions for critical information such as geolocation data or the cryptocurrency exchange (used to purchase the coins);

othe use of coinbase services offered to the law enforcement community. EU Member States could cross check their operational data (selectors) with coinbase (one of the largest exchangers) and receive useful information on entities/ persons/ IP addresses/ Bitcoins addresses.

·Competent authorities should continue their outreach to the crypto-assets services providers sector to raise awareness and understanding of new AML/CFT requirements, and promote expertise on these requirement also in the public sector.

·Competent authorities that have supervisory responsibilities over custodian wallet providers, and over providers engaged in exchange services between virtual and fiat currencies, should perform formal sectoral assessments of risks arising from such firms and promote risk awareness and guidance to the firms using available legal tools.

· Competent authorities should also consider the extent to which financial sectors they supervise are particularly exposed to the risks associated with crypto-assets, for example, because they accept firms dealing with crypto-assets as customers, and take steps to raise awareness of those risks as appropriate.

·Competent authorities should monitor developments in this area closely and assess whether changes to national legal and regulatory AML/CFT frameworks are required taking account of the EC legislative proposals highlighted above.

·Competent authorities should ensure that NFT sales platforms are covered under the categories of obliged entities submitted to their customer due diligence and other AML/CFT obligations.

·Competent authorities should further regulate DeFi applications to ensure they do not perform crypto-assets services providers while escaping the correspondent responsibilities as obliged entities, and reinforce the monitoring of their functioning to ensure there are no hidden management body that should be made liable for the activities of declared DEFIs.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the sector:

·Crypto-assets services providers should prepare themselves to an effective implementation of new AML/CFT obligations like the travel rule, including through the development of travel rule solutions.

For the Commission 133 :

·The Commission will assess suitable ways to complete its regulatory framework so as to ensure that crypto-assets and all crypto-assets service providers are properly covered by anti-money laundering obligations and notably the FATF travel rule on information accompanying crypto-assets transfers.

· The Commission will assess the possibility to give the Member States the possibility to require that crypto-assets services providers established on their territory in forms other than a branch and the head office of which is situated in another Member State to appoint a central contact point (as it is currently the case for Electronic money issuers and payment service providers).

·The Commission will assess the possibility to ban the opening, the custody and the use of anonymous crypto-assets wallets.

·In 2022, the Commission will issue a report on the implementation of AMLD5 and efforts by the Member States to implement the FATF standards.

12. Business loans

Product

Credit loans

Sector

Credit and financial sector (including insurance companies)

Description of the risk scenario

Perpetrators repay business loans with criminal funds (sometimes using credit cards in order to legitimise sources of funds). Loans give criminal funds an appearance of legitimacy.

Additionally, loans between private entities constitute an important typology, often difficult to detect.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to business loans shows that there have been few cases of terrorist organisations using them as a means of collecting funds. Generally, members of these organisations do not qualify for such loans (level of salary too low, funds originating from social benefits). This is confirmed by, in some cases, sanctioned entities (listed organisations) having tried to use business loans to finance terrorist activities through shell companies. Nevertheless this scheme requires a high level of expertise and knowledge. Further, competent national authorities found that TF risks can arise from consumer financing and the use of counterfeit identities or other frauds in loan application documents 134 .

Conclusions: There is limited evidence that criminals have used/have the intention of using this method. Therefore, the terrorist financing threat related to business loans is considered as less significant (level 1).

Money laundering

While loan fraud (e.g. using strawmen, false documentation or establishing a fake loan to use a bank to transfer funds) are more common, incidents of laundering money through business loans have also been identified.

Europol’s European Financial Intelligence Public Private Partnership (EFIPPP) information:

In relation to ML through real estate, various business loan schemes are known:

Loan-back schemes: Criminals lend each other money to purchase real estate using corporate vehicles they control, creating the appearance that the funds are legitimate and deriving from a real business activity. Examples: a) Inter-company loans of considerable amount without apparent business rationale used to purchase real estate, b) Use of payable-through accounts by which incoming payments from abroad are immediately transferred without an apparent reason, c) Loans directly from offshore companies with no direct relation with borrower.

Back-to back Loans: A financial institution lends money or provides a guarantee based on the existence of collateral originating from illicit activities, such as illicit money deposited by the borrower. The bank is seen as the apparent lender, whereas the borrower is in fact borrowing from himself under the guise of a loan and is using these funds to finance the acquisition of real estate. Examples, a) Prospective buyer is paying for real estate with funds originating from offshore or secrecy jurisdictions, b) Real-estate loans above or equal to the building acquisition value.

Mortgage Schemes: a) Successive buying and selling of the real property involved, b) Borrower receives several mortgage loans relating to multiple properties.

In addition, the Covid-19 pandemic gave rise to new crime typologies, such as misuse of government funds, in particular in relation to the quick disbursement of Covid-relief funds which firms under pressure to pay out may be ill equipped to manage 135 . Some organised criminal groups have been active in providing loans to businesses in need by lending money during the COVID-19 crisis (“loan sharking”). Organised criminal groups target distressed companies with the view of later acquiring control over them and using them as a cover for their illegal ventures. Furthermore, criminals can acquire non-performing loans, using front-runners and front companies, and achieve the desired infiltration.

Further, perpetrators may be increasingly attempt to launder money through dormant companies, buy out financially the risk of loan fraud 136 .

Conclusions: There is some evidence that criminals have used/have the intention of using this method. Therefore, the money laundering threat related to business loans is considered moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to business loans has been considered in conjunction with money laundering schemes related to business loans.

Conclusions: The level of terrorist financing vulnerability is considered as less significant (level 1).

Money laundering

The assessment of the money laundering vulnerability related to made the following findings:

a) risk exposure

The main risk posed by these products lies in their possible early redemption by firms, sometimes in cash (with funds from increasing capital operations of unknown origin).

b) risk awareness

Financial institutions appear to be sufficiently aware of the risk of fraud that may arise in relation to business loans. The assessments are expected to be more thorough than for consumer loans, as the value of business loans are generally higher and financial institutions need to be sure that they can recover the funds. Vulnerability is lower where cash redemption is not accepted. Some conflicts of interest arise where non-performing loans are redeemed. However, more attention could be paid to remote onboarding solutions for Customer Due Diligence purposes. 137

c) legal framework and checks

The regulatory requirements on business loans are robust as European rules (going beyond the AML/CFT framework) require financial institutions to take adequate measures, e.g. customer due diligence and ongoing monitoring, to identify the borrower and to address potential AML/CFT and credit risks. At least in the banking sector, the checks in place are considered to be consistent with the volume of transactions.

Conclusions: The level of money laundering vulnerability is considered moderately significant (level 2).

Risk level

As regards terrorist financing, both the levels of threat and vulnerability have been assessed as lowly significant (1).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, both the level of threat and the level of vulnerability have been assessed as moderately significant (2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing, is level 1, LOW and for money laundering it is level 2, MEDIUM.

Mitigating measures

For Member States / competent authorities:

·Thematic inspections of non-bank operators, focusing on the monitoring systems to detect the early redemption of loans.

·NCAs should (on a comply-or-explain basis) monitor the mitigating measures suggested in the EBA Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (‘The ML/TF Risk Factors Guidelines’) 138 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

13. Consumer credit and low-value loans

Product

Credit loans

Sector

Credit and financial sector

Description of the risk scenario

Members of terrorist/organised crime groups take out ‘payday’ loans (i.e. short term, low value but high interest loans), consumer credit or student loans. They also use credit cards to withdraw cash from cashpoint machines, generating a negative account balance. They disappear with the funds, with no intention of reimbursing the credit.

These kind of loans can also be used to launder the proceeds of criminal activity. The loans can be used to buy high value goods (e.g. cars, jewellery) and then redeemed early.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to consumer credit and low value loans suggests that members of terrorist groups use this method to finance travel by foreign terrorist fighters to high risk non-EU countries. The most commonly used low-value product is consumer credit. The attraction of low value loans is that they do not necessarily require a high level of expertise or planning and the fact that credit providers need to process large number of loans every day.

As summarised by the EBA, the majority of competent authorities assessed the inherent ML/TF risk as moderately significant and only a limited number of NCAs found the risk to be significant or very significant. However, as the European AML/CFT regime does not require NCAs to cover also credit intermediaries, not all NCAs involved might have assessed this additional risk stemming from credit intermediaries with few direct contacts with their customers, and therefore potentially facing difficulties in ongoing monitoring and lack of oversight in the application of Customer Due Diligence (CDD) measures 139 .

Conclusions: Consumer credit and low value loans are attractive for members of terrorist groups, who have used/are using this method quite frequently. Certain jurisdictions may place conditions on access to consumer credit or low value loans, but this does not seem to constitute an obstacle for terrorist organisations. Therefore, the terrorist financing threat related to low value loans is considered significant (level 3).

Money laundering

Due to their low value, these products offer less money laundering potential than other financial products, but criminal organisations use them to finance the purchase of goods and then redeem the loans by cash. This might be even more problematic with quick consumer credit offered digitally, often by non-bank lenders, since access becomes very fast and creditworthiness checks can be less thorough (e.g. because some products are exempted from legislative requirements or because supervision is more difficult) 140 .

Conclusions: Consumer credit and low value loans are not as attractive for criminal organisations as other financial products, but they can be used indirectly to launder the proceeds of criminal activity. Transactions are usually low value, but some criminal groups have been able to split large amounts into several transactions. Therefore, the money laundering threat related to low value loans is considered moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to consumer credit/low-value loans made the following findings:

a) risk exposure

While the products are quite common, they generally involve low amounts and have a limited cross-border dimension. 141 Nonetheless, the amounts in question can facilitate terrorist action, so the terrorist financing risk exposure is not negligible. The inherent risk can be greater in relation to institutions and intermediaries that specialise in fast consumer loans, in particular due to the enhanced risk the usage of counterfeit identities that need appropriate assessments even when processing a high number of loan applications on a daily basis. CAs also noted that the sector was vulnerable to being used for terrorist financing purposes, as small amounts of credit can be obtained to finance terrorism 142 .

b) risk awareness

This assumed low risk exposure is outweighed by the fact that, because of the small amounts and the high number of rapidly processed loans, risk awareness may be lower than for individual loan applications. In addition, as with business loans, there is more awareness of risks of fraud than of terrorist financing, so terrorist financing red flags may not necessarily be triggered. The IT systems in place are not necessarily equipped to detect forged documents.

Where credit or other financial institutions are involved, the terrorist financing checks can be considered robust as European rules (going beyond the AML/CFT framework) require these entities to take adequate measures, e.g. customer due diligence and ongoing monitoring, to identify the borrower and to address potential AML/CFT and credit risks. However, other credit intermediaries, that are currently not supervised, such as recent market entrants or telecommunications companies, are less aware of the risks and have less effective monitoring systems.

c) legal framework and checks

While consumer credit/low-value loans provided by credit institutions or financial institutions are covered by the AML/CFT framework and other relevant sectoral legislation (e.g. CRD/CRR, CCD) at EU level, national legislations vary considerably as regards documentation requirements. Some Member States require specific documents, while others do not. In particular, the rules regulating the use of digital identities for digital customer identification and verification still vary due to a lack of harmonised requirements at EU level.

Conclusions: The volume of transactions and amounts at stake are usually low, but that does not reduce the inherent terrorist financing risk. The possible ineffective alert systems and checks in some firms that provide consumer credit may add to the terrorist financing vulnerability. Some new market entrants may also be less aware of terrorist financing risks as compared to incumbents (e.g. specialist lenders or the banking sector. The differences between national legislative frameworks show that the capacity of competent authorities and financial intelligence units to detect suspicious transactions may be limited, especially where loans are granted by non-financial entities. Therefore, the level of terrorist financing vulnerability related to low-value loans is considered significant (level 3).

Money laundering

The assessment of money laundering vulnerability related to consumer credit/low-value loans made the following findings:

a) risk exposure

Despite the relatively low amounts associated with consumer credit, vulnerabilities can be high if, for instance, firms in the sector lack the proper monitoring systems to detect linked transactions or if customers can repay loans using cash payments. The low solvency thresholds to qualify for loans can affect the customer due diligence requirements in the case of financial institutions. The risk is higher where loans are granted by non-financial institutions that are not subject to AML/CFT obligations – the so-called “non-banking lending”.

Competent authorities have identified risks of fraud deriving from delivery channels that often involve agents, whom firms find harder to monitor. Competent authorities are also concerned about the risk of abuse of credit cards, risks related to money mules and mule accounts, and transfers of funds from cybercrime or online fraud.

b) risk awareness

As with terrorist financing, the assumed low risk exposure is outweighed by the fact that, because of the small amounts and the high number of rapidly processed loans, risk awareness may be lower than for individual loan applications. Again, risk awareness seems more oriented towards risks of fraud than of money laundering. Hence, money laundering red flags may not necessarily be triggered in the sector, especially in the event of early redemption of the loan. Where financial institutions are involved, money laundering checks may be considered more robust, but recent market entrants, such as telecommunications companies, are not subject to AML/CFT obligations, might be less aware of money laundering risks and may have less effective monitoring systems.

c) legal framework and checks

While consumer credit/low-value loans are covered by the AML/CFT framework at EU level, national legislations vary considerably as regards documentation requirements and the required due diligence due to the current lack of a harmonised rulebook at EU level.

As regards other credit intermediaries that are currently not covered by the definition of obliged entities within the AML/CFT framework, some Member States require specific due diligence measures, while others do not. Both shortcomings of the current AML/CFT framework are being addressed by legislative proposals of the AML/CFT package published by the European Commission in July 2021.

Conclusion: While the patterns of transactions and amounts at stake limit the risk exposure of the sector, vulnerability may be higher where loans are granted by non-banking institutions. The differences between national legislative frameworks show that the capacity to detect suspicious transactions is limited, especially where loans are granted by non-financial entities. Therefore, the level of money laundering vulnerability related to low-value loans is considered moderately significant (level 2).

Risk level

As regards terrorist financing, both the levels of threat and vulnerability have been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, both the levels of threat and vulnerability have been assessed as moderately significant (2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing it is level 3, HIGH, and for money laundering is level 2, MEDIUM.

Mitigating measures

For Member States / competent authorities:

·Thematic inspections in the sector, focusing on the assessment of monitoring systems to detect the early redemption of loans.

For the Commission:

·Improve cooperation between obliged entities (mainly financial institutions) and law enforcement agencies in order to improve the effectiveness of systems for monitoring terrorist financing.

·Remote on-boarding: In the AML package from July 2021, the European Commissions proposed amendments to the rules on Customer Due Diligence (CDD). The new rules should facilitate and strengthen secure remote customer onboarding, and have been designed to be coherent with the Commission’s proposed amendment to the eIDAS Regulation in relation to a framework for a European Digital Identity, including European digital identity wallets and relevant trust service, in particular electronic attestations of attributes 143 .

·Credit intermediaries that are not financial institutions are currently not subject to AML/CFT obligations at EU level, except in certain Member States. In order to close this regulatory loophole, the European Commission proposed that credit intermediaries and consumer credit providers, regardless of whether they are licenced as credit or financial institutions, should be considered obliged entities under the revised AML/CFT framework 144 .

·As highlighted by the EBA, prudential supervisors should pay attention to ML/TF risks within the context of the credit granting process of the institution. In particular, prudential supervisors are encouraged to assess that institutions have systems and controls in place to ensure funds used to repay loans are from legitimate sources. In this context, financial institutions should ensure that they comply with the national measures implementing the EBA guidelines on loan origination and monitoring, which – among others – require financial institutions to identify, assess and manage the ML/TF risk associated with the type of customers they serve, the lending products they provide, the geographies to which they are exposed and the distribution channels they use. They should consider the purpose of the credit and take risk-sensitive measures to understand if the funds used to repay the credit, including cash or equivalents provided as collateral, are from legitimate sources 145 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

14. Mortgage credit and high-value asset-backed credits

Product

Mortgage credits

Sector

Credit and financial sector

Description of the risk scenario

Money laundering: Perpetrators disguise and invest the proceeds of crime by way of real-estate investment. The proceeds are used for deposits, repayments and early redemption of the credit agreement.

Terrorist financing: Perpetrators use (medium/long-term, low-interest) high-value asset-backed credit/mortgage loans to fund plots. Loans are taken out for relatively high amounts to access funds that are untraceable as long as the money is not transferred.

According to the latest Europol report on serious and organised crime threat assessment in the European Union from April 2021, most criminal groups and networks (68%) use basic money laundering methods such as investing in property or high-value goods. While investments in real estate and high-value goods is a common way to disguise the origin of the criminally acquired funds (see separate fiche on real estate), the Europol report does not provide any indication as regards to an enhanced usage of mortgage or high-value asset backed credits. However, as regards fraud, it points out that the most common form of bank fraud is loan and mortgage fraud (e.g. using by recruiting straw persons and forged documents) 146 .

Impact of the Covid-19 pandemic

The current economic climate may make real estate firms or their customers more susceptible to financial difficulties or other pressures, thus creating incentives to ignore or circumvent AML rules and other controls. Less stringent controls by real estate operators and professionals may result in a higher risk of being exposed to mortgage-related fraud.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to mortgage credit shows that terrorist groups find this method difficult to use and to access. In only a few actual cases have terrorist organisations used it to collect funds. It does not correspond to their needs as it requires extensive documentation requested by creditors to the future borrowers as part of the creditworthiness assessment, or the ownership of real estate goods to sell. In addition, the purpose of mortgage credit is to give a third party access to funds, so it does not give terrorist organisations easy and speedy access to funds unless they have built up a relationship of complicity with such a third party. Finally, buying an asset at an inflated price can still be a way to transfer big amounts of money, but the property valuation usually done by creditors should help mitigate this risk.

Conclusions: Mortgage credit requires a high level of knowledge and expertise to understand the product and provide the relevant documentation requested by the creditors to the future borrowers as part of the credit worthiness assessment (forged documents). It is not attractive, as it involves the complicity of a third party (beneficiary of the funds). Therefore, the terrorist financing threat related to mortgage credit is considered as being of low significance (level 1).

Money laundering

The assessment of the money laundering threat related to mortgage credit shows that organised crime organisations have frequently used this method. They are well equipped to provide false documentation and the structure of the mortgage (with third-party involvement) helps them to hide the real beneficiary of the funds. Mortgage credit constitutes an easy way to enable criminals to own several properties and to hide the true scale of their assets. This method is still used for the integration phase (mostly for lower amounts, as it does not require sophisticated operations). However, it is more often used in combination with concealment of the beneficial owner of real estate behind a complex chain of ownership.

Europol Financial Intelligence Public Private Partnership (EFIPPP) information – A known mortgage scheme:

Illicit actors obtain mortgage loans to buy properties. Illegal funds obtained subsequently are used to pay the interest or repay the principal on the loan, either as a lump sum or in instalments. The mortgaged funds are alternatively transferred to accounts offshore and presented as the legitimate source of the funds while the borrower defaults on the loan.

Indicators: Borrower provides forged documentation overestimating the market value of the property to purchase or renovate with the mortgage. Successive buying and selling of the real property involved. Borrower receives several mortgage loans relating to multiple properties. Establishment of trust accounts managed or in the custody of a third party to purchase properties and pay off mortgages.

.

Conclusions: In the money laundering context, mortgage credit is a vehicle favoured by criminal organisations. It enables them to hide the volume of assets and the beneficial ownership. It requires a moderate level of expertise. Consequently, the money laundering threat level related to mortgage credit is considered significant (level 3).

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to mortgage credit shows that it is not vulnerable to terrorist financing risks — law enforcement agencies have detected few cases (if any). The terrorist financing checks and risk awareness are similar to those for retail banking.

Conclusions: Low significance (level 1).

Money laundering

The assessment of money laundering vulnerability related to mortgage credit shows that:

a) risk exposure

Inherent risk can be high, because of the link with the real-estate sector, which criminal organisations prefer to use to launder the proceeds of their activity by means of high-value transactions. Where credit institutions are involved, inherent risk can be lower, but it is also exposed to high-risk customers (e.g. politically exposed persons). Further, mortgage creditors and intermediaries that are not financial institutions are currently not subject to AML/CFT obligations at EU level they are subject to greater risks.

b) risk awareness

Awareness in credit institutions can be considered as satisfactory, however some shortcomings have been identified in some key checks performed by credit institutions. 147 In addition, other actors in this sector (e.g. notaries) can help to mitigate inherent risk. Nevertheless, banks can face conflicts of interest where laxer checks will allow high-risk customers to redeem large mortgages or non-performing loans.

Vulnerability is higher where real-estate transactions and associated mortgages involve transfers of funds from a bank account in a Member State with weaker anti-money laundering checks for high-risk customers. This weakness is linked to horizontal vulnerabilities in supervision and a lack of full harmonisation of the current AMLD framework.

Further, EBA has highlighted that where a product allows payments from third parties that are neither associated with the product nor identified upfront, where such payments would not be expected, for example for mortgages or loans, and lending (including mortgages) secured against the value of assets in other jurisdictions, particularly countries where it is difficult to ascertain whether the customer has legitimate title to the collateral, or where the identities of parties guaranteeing the loan are hard to verify may contribute to increasing risk.

c) legal framework and checks

Mortgage credit is included in the AML/CFT framework at EU level. The checks are considered quite effective where the mortgage credit is provided by credit institutions (e.g. information checked as part of the credit worthiness assessment, verification of the source of collateral, and tax or financial statements on the borrower). In addition, other participants in the process (such as notaries) can contribute to further mitigating the risk. In addition, EBA has provided further guidance factors that may contribute to reducing the AML/CFT risk for mortgages. 148

Conclusion: Where provided by banks, mortgage credit products are as vulnerable as deposits on accounts. The interaction with the real-estate sector generally increases vulnerability, however other participants in the transactions, as notaries, can reduce vulnerability. Therefore, the level of money laundering vulnerability related to mortgage credit is considered moderately significant (level 2).

Risk level

As regards terrorist financing, both the levels of threat and vulnerability have been assessed as lowly significant (1).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as moderately significant (2), whereas the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing it is level 1, LOW, and for money laundering is level 3, MEDIUM.

Mitigating measures

For Member States / competent authorities:

·Thematic inspections in the sector, focusing on the assessment of the monitoring systems to detect the early redemption of loans, and on the effectiveness of customer due diligence measures, especially where High-risk Third Countries customers are involved.

·Mortgage creditors and intermediaries that are not financial institutions are currently not subject to AML/CFT obligations at EU level, but in certain Member States. In order to close this regulatory loophole the European Commission proposed that mortgage credit intermediaries and consumer credit providers regardless of whether they are licenced as credit or financial institutions should be considered obliged entities under the revised AML/CFT framework 149 .

·As highlighted by the EBA, prudential supervisors should pay attention to ML/TF risks within the context of the credit granting process of the institution. In particular, prudential supervisors are encouraged to assess that institutions have systems and controls in place to ensure funds used to repay loans are from legitimate sources. In this context, financial institutions should pay intention to comply with the national measures implementing the EBA guidelines on loan origination and monitoring, which – among others – require financial institutions to identify, assess and manage the ML/TF risk associated with the type of customers they serve, the lending products they provide, the geographies to which they are exposed and the distribution channels they use. They should consider the purpose of the credit and take risk-sensitive measures to understand if the funds used to repay the credit, including cash or equivalents provided as collateral, are from legitimate sources 150 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

15. Life insurance

Product

Life insurance

Sector

Insurance sector

General description of the sector and related product/activity concerned

Life insurance companies offer a range of investment products, with or without guarantees, and include life insurance benefit as a component. Based on the gross written premiums, the most dominant lines of life insurance business in the EEA are unit-linked and index-linked insurance, other life insurance, and with profits insurance.

According to the EIOPA statistical database 151 , the total reported assets of insurance corporations in the euro area for end of 2019 were EUR 12.706 billion covering EUR 11.105 billion of liabilities. Around EUR 9.009 billion is allocated to life insurance obligations. EU life premiums amounted to EUR 938 billion in 2019.

In addition to the AMLD (and in the future AMLR), specific provisions in the sectoral legislation aim to mitigate the risks involved in using life insurance companies as an investment vehicle. Article 59 of Directive 2009/138/EC (Solvency II) (resp. Article 323 of Commission Delegated Regulation (EU) 2015/35) requires an assessment as to whether there are reasonable grounds to suspect that, in connection with the proposed acquisition (resp. qualifying holding of the shareholder or members having a qualifying holding in the special purpose vehicle), money laundering or terrorist financing is being / has been committed or attempted, or that the proposed acquisition (resp. qualifying holding) could increase the risk thereof.

Description of the risk scenario

Perpetrators can use life-insurance products to fund their activities. The ML/TF risk mainly stems from the investment related components, such as paying a high one-off premium or capital accumulation. In addition, life policies can be redeemed early to generate lump sums and the proceeds can be transferred to other beneficiaries.

Europol Financial Intelligence Public Private Partnership (EFIPPP) information in relation to investment fraud typology:

Promotions of variable annuities and indexed universal life policies with complex and hard-to-understand structures are mentioned as an indicator for so-called boiler room schemes. In those schemes, scammers take advantage of the recent decline in asset prices to sell fraudulent investments in gold, silver and other commodities labelled as a safe haven as well as low value stocks or high risk financial products such as derivative instruments and cryptocurrencies.

Money laundering and terrorist financing risks in the insurance industry relate in particular to life insurance and annuity products. These allow a customer to place funds into the financial system and potentially disguise their criminal origin, or to finance illegal activities. Relevant risk scenarios typically involve investment products in life insurance (rather than death or retirement benefit products as such).

The risks may arise where:

·an insurer* accepts a premium payment in cash (this is not a common practice);

·an insurer refunds premiums, upon policy cancellation or surrender, including when the premium is refunded to an account other than the source of the original funding (owned by a party other than the policyholder);

·the insurer fails to establish the source of investments on a risk sensitive basis;

·an insurer sells transferable policies (these are uncommon);

·investment transactions involve trusts, mandate holders, etc.;

·an insurer sells a small investment policy initially and the investor makes subsequent large investments without undergoing additional ‘know your customer’ due diligence;

·complex distribution channels are used (e.g. long chains of intermediaries, no face-to-face sales).

One of the specific TF risks associated with the life insurance products is that a beneficiary does not have to be identified and verified at the outset of the business relationship. So often the beneficiary of a life insurance policy is someone else than the customer. He/she only needs to be identified and verified at the payout stage.

There is a money laundering risk in all of the above scenarios. Perpetrators use risk scenarios 1 and 6 for placement, 2, 4 and 7 for layering and 2, 4, 6 and 7 for integration.

* All of the above scenarios may involve an insurer, its agent or an intermediary. For the sake of simplicity, we refer to ‘insurer’.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to life insurance shows that terrorist groups have limited interest in this method. It requires specific knowledge of the product and its specific characteristics. Further, life insurances are mostly designed for the long term or verifiable event, such as death or retirement and thus provide limited flexibility. Foreign terrorist fighters may take out life insurance and ask for the funds to be redeemed for the benefit of their family in the event of their suicide or death in battle. However, Member State legislation or insurance companies’ underwriting policies often do not allow this type of clause. Therefore, this risk is limited.

Conclusions: Law enforcement agencies have limited evidence of life insurance being misused for terrorist financing purposes. The need for knowledge and planning expertise make this method less attractive. Therefore, the terrorist financing threat related to life insurance is considered moderately significant (level 2).

Money laundering

The assessment of the money laundering threat related to life insurance shows that perpetuators can use this method, but complex arrangements are required to hide the proceeds of crime (bank account wrapped in an insurance policy, multiple accounts in third countries loaded with cash and used as collateral for a credit loan, sending money to the life insurance policy). Cases exist, but they are few and sophisticated planning and knowledge are required to make life insurance a viable option.

Conclusions: Some cases of life insurance being abused for money laundering purposes have been detected, but they are generally the result of sophisticated schemes. Therefore, the money laundering threat related to life insurance is considered moderately significant (level 2).

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to life insurance shows that:

a) risk exposure

The misuse of life insurance mostly involves the placing of funds rather than their withdrawal. However, the risk exposure seems limited, given the volume of transactions concerned and the limited flexibility of these products. Most competent authorities assess the overall level of inherent terrorist financing risk as being of low or moderate significance. They consider the sector’s exposure to the terrorist financing risks arising from cross‐border transactions and activities to be insignificant. 152

b) risk awareness

The sector seems quite unaware of terrorist financing risks. Even though life insurers, as other obliged entities are required to continuously screen their customer database against PEP lists and high risk country lists most suspicious transaction reports are sent quite late in the process, because life insurers tend to wait for funds to be withdrawn before considering whether it is suspicious. Further, insurance companies often do not have client relationships with beneficiaries of the insurance policies and thus have access to much less information about their customers and beneficiaries than other sectors (e.g. banks), which reduces their ability to build comprehensive customer risk profiles. The lack of transactions means that suspicious activity is detected mainly on the basis of ‘unusual behaviour’. In the future, this risk could be addressed by further measures to identifying the beneficiary 153 .

c) legal framework and checks

Life insurance is included in the AML/CFT framework at EU level.

Competent authorities assess the quality of checks in this sector as largely good or very good. Where they identified weaknesses, these related mainly to the quality of both the business‐wide and individual risk assessments, and associated shortcomings in relation to the effectiveness of transaction monitoring and the identification and reporting of suspicious transactions.

Conclusions: Risk awareness in the sector is low, with the risk exposure being low as well. There are very few cases due to the limited attractiveness of the product. Therefore, the level of terrorist financing vulnerability related to life insurance is considered as being of low/moderate significance (level 1-2).

Money laundering

The assessment of the money laundering vulnerability related to life insurance shows that:

a) risk exposure

The misuse of life insurance mostly involves the placing of funds and the capital accumulation, rather than their withdrawal. However, the risk exposure seems rather limited, given the volume of transactions concerned. Most competent authorities assess the overall level of inherent money laundering risk as being of low or moderate significance. A small number of competent authorities, however, considered that the risk was significant and that the quality of the controls of insurance undertakings from an AML/CFT perspective could be improved. They consider the sector’s exposure to the money laundering risks arising from cross‐border transactions and activities to be less significant 154 .

b) risk awareness

The sector is well aware of the money laundering risks. However, as insurance companies often do not have client relationships with beneficiaries of the insurance policies they typically have access to much less information about their customers’ transactions than other sectors (e.g. banks), which reduces their ability to build up comprehensive customer risk profiles. 155

c) legal framework and checks

Customers are generally required to forward their investments to the insurance undertaking via their common bank accounts, which fall under the general requirements of the AMLD framework. Competent authorities assess the quality of checks in the sector as largely good or very good. Where they identified weaknesses, these related mainly to the quality of both the business‐wide and individual risk assessments, and associated shortcomings in relation to the effectiveness of transaction monitoring and the identification and reporting of suspicious transactions.

As in other sectors, Fin-Tech and Reg-Tech solutions are becoming more prevalent in the sector. They are considered an emerging risk by several competent authorities concerned about the lack of awareness (and sometimes the absence) of AML/CTF regulatory requirements applicable to Reg-Tech solutions and Fin-Tech services. A related emerging risk identified by competent authorities is the sector’s move to web‐based insurance platforms and associated challenges posed by accounts opened without the physical presence of the customer.

Conclusion: Life insurance is currently well framed and the sector seems quite aware of money laundering risks. The checks in place are correctly implemented. Therefore, the level of money laundering vulnerability related to life insurance is considered as being of low/moderate significance (level 1-2). Where life insurance products are used as investment products for wealth management or other investment services, the relevant risk level should be considered.

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), whereas the level of vulnerability has been assessed as low/moderately significant (1/2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as moderately significant (2), whereas the level of vulnerability has been assessed as low/moderately significant (1/2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, money laundering and terrorist financing, is level 2, MEDIUM.

Mitigating measures

·Insurance undertakings should be able to identify higher risk situations, such as when the proceeds of the policy benefit a politically exposed person. To determine whether this is the case, the Commission presented a proposal in July 2021 that would require insurance policies to include reasonable measures to identify the beneficiary, as if this person were a new client. Such measures should be taken at the time of the payout or at the time of the assignment of the policy, but not later. Where there are higher risks identified, obliged entities shall: (a) inform senior management before payout of policy proceeds; (b) conduct enhanced scrutiny of the entire business relationship with the policyholder 156 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol. Other risk mitigating measures can be found in EBA’s sectoral guideline for life insurance undertakings 157 .

16. Non-Life insurance

Product

Non-Life insurance

Sector

Insurance sector

General description of the sector and related product/activity concerned

Non-life insurance policies are generally short-term in nature and serve to provide protection against unexpected loss, such as damage to property. Based on the gross written premiums, the most dominant lines of non-life insurance business are those linked to motor vehicle liability, fire and other damage to property, and medical expenses.

According to the EIOPA statistical database 158 , the total reported assets of insurance corporations in the euro area for end of 2019 were EUR 12.706 billion covering EUR 11.105 billion of liabilities. Around EUR 820 billion of those liabilities is allocated to non-life insurance obligations.

At EEA level the most dominant non-life line of business is fire and other damage to property (Gross written premiums of EUR 152 billion over 2019), followed by medical expense (GWP of EUR 152 billion) and motor vehicle liability (GWP of EUR 98 billion).

Specific provisions aim to mitigate the risks involved in holding shares of insurance companies. Article 59 of Directive 2009/138/EC (Solvency II) (resp. Article 323 of Commission Delegated Regulation (EU) 2015/35) requires an assessment as to whether there are reasonable grounds to suspect that, in connection with the proposed acquisition (resp. qualifying holding of the shareholder or members having a qualifying holding in the special purpose vehicle), money laundering or terrorist financing is being / has been committed or attempted, or that the proposed acquisition (resp. qualifying holding) could increase the risk thereof.

Description of the risk scenario

Perpetrators commit fraud involving workplace, car insurance, etc. to fund their activities.

Money laundering can occur in the context of, and as the motive behind, insurance fraud involving non-life insurance, e.g. where this results in a claim to recover part of the invested illegitimate funds. Relevant risk scenarios typically feature high-frequency premiums and cancellations. The risks may arise or materialise where an insurer*:

1.accepts premium payments in cash, although this is not a common practice; or

2.refunds premiums, upon policy cancellation or surrender, to an account other than the source of original funding (owned by a party other than the policyholder).

Money launderers seek to use scenario 1 for placement and scenario 2 for layering/integration.

* In the above examples, the process may involve the insurer or its agent or an intermediary. For the sake of simplicity, we refer to the ‘insurer’.

European Financial Intelligence Public Private Partnership (EFIPPP) information:

In relation to investment fraud, a possible victim indicator of so-called boiler room schemes is the transfer of funds to third parties related to fees for insurance, bank services, lawyers, notary and other.

Also, in relation to ransomware and cryptocurrencies, an indicator of ransomware payments is payments from an organization – in particular from a sector at high risk for targeting by ransomware – to Digital Forensics and Incident Response (DFIR) firm or Cyber Insurance Company (CIC) specializing in assisting victims of ransomware attacks.

Threat

Terrorist financing

Similarly, the terrorist financing risk relates to insurance fraud to access sources of revenue for terrorist activities. Such schemes have been detected in workplace insurance and car insurance, for instance. It is difficult to say that this method has no relevance and some evidence of its use has been gathered following terrorist attacks, but it does require a degree of planning and large paper trails that make it relatively unattractive for terrorist groups.

Conclusions: Law enforcement agencies have limited evidence of non-life insurance being misused for terrorist financing purposes. It requires knowledge and planning expertise, which make it relatively unattractive. Therefore, the terrorist financing threat related to non-life insurance is considered of low significance (level 1).

Money laundering

The assessment of the money laundering threat related to non-life (e.g. car or workplace) insurance shows that, unlike terrorist financing, money laundering abuses require sophisticated schemes that render the risk scenario insufficiently secure or attractive. Law enforcement agencies have limited evidence of non-life insurance being used to launder the proceeds of crime 159 .

Conclusions: Non-life insurance is generally not used for money laundering purposes, as it requires a degree of planning and expertise that make it relatively unattractive. Therefore, the money laundering threat related to non-life insurance is considered as being of low significance (level 1).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to non-life (e.g. car or workplace) insurance shows that two main situations may occur:

I.fictitious claims in motor vehicle retail /

II.car insurance fraud: funds from the fraud are sent by cash transfer.

a) risk exposure

The risk exposure is limited, as huge sums of money are concerned and the funds cannot be accessed without prior identification.

b) risk awareness

In general, non-life insurance could be more vulnerable than life insurance, not because of its business model but because the sector is not necessarily aware of the risks (customer due diligence is not implemented and there is no record-keeping) and specific terrorist financing or money laundering red flags are not always triggered. Insurance issuers tend to pay more attention at the moment of the pay-out, when the risk is perceived to be greater, and to insurance fraud more broadly.

c) legal framework and checks

Non-life insurance is not covered by the AML/CFT framework at EU level. Where Member States have regulation in place, checks (in some cases involving self-declarations) seem to work satisfactorily.

Conclusions: In many Member States, legislation has led to checks being carried out and raised awareness in the sector. However, there are still some weaknesses in the detection of suspicious transactions and reporting. Therefore, the level of terrorist financing vulnerability related to non-life insurance is considered moderately significant (level 2).

Money laundering

The assessment of money laundering vulnerability related to non-life (e.g. car or workplace) insurance shows that:

a) risk exposure

As usually prior identification is necessary for the transfer of funds, the risk is limited. However, non-life insurance can be misused for money laundering purposes in a broader context of fraud (fake investment, empty shell).

b) risk awareness

The implementation of customer due diligence is not widespread in the EU, but when Member States have an anti-money laundering framework in place for non-life insurance, they note that obliged entities tend not to apply any customer due diligence at all.

However, considering the number of cases concerned, there is no evidence that this increases the ML risk.

c) legal framework and checks

There are no EU requirements to include non-life insurance in the scope of AML/CFT. The non-life insurance framework depends on national legislation.

Conclusions: Few cases have been detected of non-life insurance being misused for money laundering purposes. Generally, this is done as part of a broader fraud scheme. Therefore, the level of money laundering vulnerability related to non-life insurance is considered as being of low significance (level 1).

Risk level

As regards terrorist financing, the level of threat has been assessed as of low significance and the level of vulnerability as moderately significant (2).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the levels of threat and vulnerability have been assessed as lowly significant (1).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing is level 2, MEDIUM, and for money laundering level 1, LOW.

Mitigating measures

No further proposal is made at this stage.

17. Safe custody services

Product

Safe custody services

Sector

Credit and financial sector and private security companies

Description of the risk scenario

Safe deposit boxes are viewed as a tool to store cash whilst implementing the three stages of money laundering (Placement, Layering and Integration). Perpetrators rent multiple (commercial or banking) safe custody services to store large amounts of currency, monetary instruments or high-value assets pending their conversion to currency, for placement into the banking system. Similarly, they may establish multiple safe custody accounts to park large amounts of securities pending their sale and conversion into currency, monetary instruments, outgoing funds transfers or a combination of these, for placement into the banking system. Perpetrators can also buy the relevant services through front persons, thus rendering them directly or indirectly via a front person.

Threat

Terrorist financing

For the purpose of this Supranational Risk Assessment the terrorist financing threat related to safe custody services would be no different from the threat relating to organised crime and money laundering. Therefore, it is not being considered as different to the threat of abuse for the purpose of money laundering.

Conclusions: Not relevant

Money laundering

The assessment of the money laundering threat related to safe custody services shows that a particular characteristic of this risk scenario is that the assets are stored and not necessarily converted. As a result, it may not be financially attractive. However, it does make it possible to hide the proceeds of crime with no risk of detection. According to law enforcement agencies, these ‘dormant’ deposit systems are being used increasingly to make safe deposits and take assets out of the financial system.

Exact data on the number of persons that have access to a safe deposit box are difficult to obtain, because safe custody services are also used for relatives, associates, friends, etc. This is an additional aspect of the money laundering threat, as the person who has deposited funds will not necessarily be the one withdrawing them. The ability to obtain a safe deposit box using fraudulent identification also adds another element of risk to the cash storage sector.

Also, market players other than banks provide such services (storage facilities), which extends the range of tools available to criminal organisations and raises the threat level. Risk rating is primarily due to the inability of safe custody services employees to obtain information relating to the contents of the boxes and customers having unlimited access to facilities.

Conclusions: Many Member States have noticed a rising trend in the use of this method by criminal organisations to hide the proceeds of crime. Safe custody services are quite attractive, because they do not require specific expertise and are a fairly secure tool to escape tax or anti-money laundering checks. Therefore, the money laundering threat related to safe deposits is considered significant (level 3).

Vulnerability

Terrorist financing

Terrorist financing vulnerability related to safe custody services is not considered particularly relevant. Therefore, terrorist financing vulnerability is not part of the assessment.

Conclusions: Not relevant.

Money laundering

In assessing the money laundering vulnerability related to safe deposits, a distinction should be made between services provided by credit institutions and those provided by non-banking entities (storage facilities).

a) risk exposure

In both cases, the risk exposure is high, because large sums of cash may be at stake. This level of risk exposure may be greater where high-risk customers are involved.

b) risk awareness

Basic aspects of customer due diligence apply to safe custody services provided by credit institutions. Some competent authorities take a proactive approach in this sector, but banks remain vulnerable with regard to the contents of safe deposit boxes. Generally, they have no information on the funds placed in them. The private companies that provide such services do not all comply with AML/CFT requirements and some accept cash payment for the rental of safe deposit boxes. Another question is whether the risk of money laundering arises at the time of the storage or only once the funds are inserted in the real economy 160 . From a law enforcement perspective, the more funds are stored, the easier it is to maintain the anonymity of a transaction.

c) legal framework and checks

Safe custody services are not included, as such, in the AML/CFT legal framework at EU level. However, safe custody services provided by credit and financial institutions are included in the framework applicable to those obliged entities.

Undertakings providing safe custody services as listed in point 14 in Annex I to Directive 2013/36/EU are specifically subject to AML/CFT rules. However, in practice, financial institutions may not be in a position to meet their monitoring obligations and assess the source of funds, since they are not aware of the contents of the safe deposit boxes 161 . In addition, this does not cover commercial storage companies or other storage facilities that may be used for similar services. In some countries, certain storage/safe services in general are regulated and supervised as such.

Conclusions: Where provided by credit and financial institutions, safe custody services are subject to customer due diligence requirements and checks. However, it is not always possible to establish the exact source of funds and ongoing monitoring may have a blind spot, since the financial institution is usually unaware of the contents. In addition, safe deposits may be accessible to parties other than the initial customer, which increases vulnerability. The market is fragmented, with the emergence of private entities and other commercial storage/safe services. Therefore, the level of money laundering vulnerability is considered moderately significant/significant (level 2-3).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/ significant (level 2/3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/ significant (level 2/3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, money laundering and terrorist financing is HIGH.

Mitigating measures

There already exist limited controls to overcome the privacy requirements in the safe deposit box sector. Nevertheless, consideration should be given to improving current identity verification processes and access monitoring capabilities to address that fact that parties other than the initial customer may deposit or collect funds.

For Member States / competent authorities:

·Thematic inspections in the sector, focusing on the effectiveness of customer due diligence requirements of financial and non-financial institutions offering safe custody services.

·Considering the cross-border nature of ML and TF, Member States should seek internal cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

NON-FINANCIAL PRODUCTS

1. (Legal arrangements including) Trusts

Product

Trusts

Sector

Non-financial products

Description of the sector

Recent money-laundering scandals confirm that legal entities and arrangements are a favourite vehicle employed by criminals to disguise the proceeds of crime as legitimate corporate trade, often through complex structures and networks, which hide the beneficial owners.

Trusts are legal arrangements originally developed in common law jurisdictions. Within a trust, a settlor transfers assets to a trustee, who exerts control over these assets in the interests of one or more beneficiaries as determined by the settlor. The assets held in the trust constitute a separate patrimony from that of the trustee, while other parties, such as the settlor and protector, may also exert some level of control or influence over it 162 .

Other arrangements may emerge as similar to trust by structure or function. Like trusts, they enable a separation of legal and beneficial ownership of assets. This does not necessarily mean divisibility of ownership – a concept typical of common law but not recognised under civil law 163 . Rather, a mechanism where the property is entrusted to one person, who holds the title to it or manages it for the benefit of one or more other persons or for a specific purpose 164 .

As commonly used within the Union, EU rules and FATF standards 165 point to the following arrangements as to be considered similar to trusts 166 :

Fiducies;

Treuhand;

Svěřenský fond;

The Commission published an overview of legal arrangements notified by the Member States as having a similar structure or function to trusts 167 , which resulted in a fragmented picture due to the complexity of identifying and classifying the legal arrangements at hand.

Sixteen Member States 168 indicated that no trusts or similar legal arrangements are governed by their laws, while the remaining Member States 169 notified trusts or similar legal arrangements being governed by their laws.

Threat

Terrorist financing

In general, there is little evidence to date that trusts and other type of legal arrangements have been misused for the purpose of financing terrorism. Possibly due to the costs associated with setting up these arrangements, they do not appear to be particularly attractive to groups that carry out TF activities. The configuration of fiduciary structures does not allow the rapid management or disposition of funds – that usually accompanies TF activities – and demands a series of requirements to be carried out – which makes it difficult to use these structures for TF purposes 170 .

Conclusions: The terrorism financing threat relating to trusts and other legal arrangements is considered lowly/moderately significant (level 1/2).

Money laundering

Perpetrators can make use of trusts and similar legal arrangements in order to increase opacity within money laundering operations, by hiding the link with the real beneficial owner.

A recent study estimates that, on average, “1.2% of limited companies in the EU Member States, UK and Switzerland are controlled by a trust, a fiduciary or another legal arrangement that does not allow the beneficial owners to be identified. In some countries, such as the Netherlands (25.6%) and Luxembourg (8.7%), the percentage is much higher” 171 .

Cases, as reported below, show that trusts and similar legal arrangements can be misused in order to hide (personal) assets from being detected, frozen and confiscated, and to commit tax crimes 172 and cross-border operations of money laundering.

Additionally, the risks of misusing trusts seems to increase when several participants to the trust coincide with the same natural or legal person, or when trusts are set up under the law of a foreign jurisdictions (so-called, foreign trusts) 173 . Due to the potential lack of coordination and exchange of information between national authorities, foreign trusts can make the most of the differing treatment of these legal arrangements by different Member States 174 and put transparency particularly at risk 175 . A related risk is the use of intermediaries to hide the existence of a trust established in another jurisdiction in order to prevent its detection by a Member State – where a rigorous system of due diligence and communication by the obliged entities may apply 176 .

The case-studies presented below highlight some of the main ML threats posed by the misuse of trusts. In particular:

In-depth analysis of trust deeds reveal the truth on ultimate control by paying attention to attribution of certain powers to the settlor;

Enhanced anonymity offered by trusts and similar legal arrangements can provide significant benefits to criminal operations;

Almost all of the cases involving the use of legal arrangements also involve company or other legal entities. Trusts and similar legal arrangements are rarely used in isolation to hold assets and obscure beneficial owners, but they generally are part of a wider scheme;

Client is reluctant or unable to explain their source of wealth/funds;

Legal person or arrangement incorporated/formed in a low-tax jurisdiction or international trade or financial centre;

Focused on aggressive tax minimisation strategies;

Correct documents not filed with the tax authority;

Falsified paper trail;

Funds involved in the transaction are sent to, or received from, a low-tax jurisdiction or international trade or finance centre.

MISUSE OF FOREIGN TRUSTS 177

Following a complex criminal police investigation, authorities carried out the preventive seizure of funds, which were held in the offshore area of the Channel Islands (UK), traceable to a single family for a total value of over 1.3 billion euros. These financial assets had been unlawfully concealed by establishing a complex network of trusts.

More specifically, Y trust in Member State A held a bank account in Alfa bank (in the same country) and had availability of over 6 million euros based on a fiduciary mandate. Beneficial owners of Y trust were all belonging to the same family (Family G). The legal representative of Y trust was an individual national in another country (Mr. Why), who had the same role in another trust (X trust) based in third country but domiciled in Member State A. X trust and Y were domiciled at the same address in country A, at which also a trust company (K) was registered.

In depth analysis of the documents acquired allowed investigators to understand that Y and X trusts were merely formal shell and Mr. Why was a mere formal nominee. They had legal ownership of the assets, but they were strictly conditioned by Family G members (who were the real beneficial owner). The fiduciary mandate gave the settlor the right to dispose and enjoy of the assets, making Mr G the ultimate beneficial owner. Beneficiaries and settlors were always Family G members.

Further, behind X and Y trusts there was a huge net of other trusts all linked to the Family G, establishing a complex net of control involving also companies established in other Member States. Such a complexity was not required by the purpose of the economic affairs. Thus, it had no commercial sense.

In 2009 the fiduciary mandate of Y trust was transferred from the trust company K to Alfa bank, but it was not registered for tax purposes (despite this being mandatory). The aim was to legally repatriate the funds through a tax amnesty in 2009, while the use of a different trust company (Alfa rather than K) had the aim to obscure the relation between the assets and beneficial owners.

All in all, the main points of the case are the following:

– Expatriation of capital abroad segregated in a net of trust and multilevel of ownership by the same G family. Between 1995 and 2006, through complex corporate operations involving shares held by companies established in different Member States, the mentioned subjects were able to transfer assets to different trusts opened in the Channel Islands;

Ultimate owner control was on Mr. G family;

The funds were finally legally repatriated in 2009 via tax amnesty;

In order to conceal the beneficial owners, the in-bound funds were diverted to another trust company by the transfer of the fiduciary mandate, which was not notified to the tax register;

Investigation ended in seizure of the total assets held by the net of trusts. Those assets were the proceeds of multiple crimes, such as aggravated embezzlement to the detriment of certain companies, tax fraud, breach of trust, and false corporate communications.

In addition, technical investigations allowed to gather evidence against chartered accountants who, through their financial and tax consultancy, had over time facilitated the establishment of the above capitals and the screening thereof through the trusts, with the aim of facilitating laundering and reinvestment.

MISUSE OF FUNDS THROUGH A FOUNDATION 178

Natural persons repatriated to a Member State funds originating from accounts in a foreign jurisdiction in the name of two Stiftung and an AG corporation with address in that jurisdiction and a Ltd. corporation with its address in another jurisdiction, as well as in the name of trustees of a trust in that jurisdiction. The repatriated funds were used for various payments and purchases. Inadequate justification of the source of funds led to a suspicion of serious fiscal fraud.

OBFUSCATION OF THE ORIGIN OF FUNDS THROUGH FOREIGN TRUST 179

Mr Y was the manager of a French antiques gallery (Gallery A). In 3 years, Gallery A’s bank account was credited with EUR 7 million from a trust registered in a foreign country. Most of the funds, EUR 5 million, were transferred to several European galleries to finance the purchase of artworks. Of this amount, only three transactions, totalling EUR 2 million, were the subject of declarations of trade in goods filed with the customs services. The remaining EUR 3 million was transferred to another gallery, Gallery B, whose manager was suspected by his country’s legal authorities of being involved in dealing in stolen antiques.

The invoices for the purchase of antiques by Gallery A from Gallery B contained irregularities: the VAT number was not valid for cross-border transactions in the EU and was linked to a company that has been inactive since 2014. The transactions between the two galleries were not declared to the customs authorities. Lastly, EUR 150,000 credited to Mr Y’s account from Gallery A’s account was withdrawn in cash. These funds could have been used to finance an undeclared commercial activity. The elements described above could constitute tax fraud and tax laundering and are likely to be part of efforts to launder the proceeds of art trafficking.

.

Conclusions: The money laundering threat relating to trusts and other legal arrangements is considered very significant (level 4)

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerabilities posed by legal arrangements has been considered together with money laundering schemes related to legal arrangements. There are indeed no indications that vulnerabilities vary in type or intensity according to the type of misuse.

Conclusions: The terrorist financing vulnerability relating to trusts and other legal arrangements is considered significant (level 3).

Money Laundering

A recent report by the FATF notes that “the complex structure of trusts makes the identification of the beneficial owners difficult, and requires further efforts to determine the true nature of the trust relationship” 180 .

Generally, a trust can be used for a variety of goals. For example, transferring the administration of an asset to a third party to organise an inheritance; protecting assets for children; or investing and accumulate money for future important expenses (such as education fees or retirement) 181 .

However, trusts and similar legal arrangements can be also misused to enhance anonymity by adding an additional layer of complexity through the separation of the legal and beneficial ownership of an asset. The enhanced anonymity offered by trusts and similar arrangements can provide significant benefits and can present challenges to financial transparency. The ability to disconnect legal from beneficial ownership presents a range of challenges for authorities and service providers seeking to determine beneficial ownership. Additionally, trusts may be used by criminals as part of complex and opaque structures, comprising multiple legal entities and arrangements across multiple jurisdictions, which can be used to obscure who owns and controls assets 182 .

This concern is even greater with respect to the risks linked to certain types of trusts or similar structures, such as those that 183 :

Have one or more natural or legal persons or legal instruments in the chain of control, in most cases in order to make it difficult to detect the beneficial owner of that structure and the origin of the funds and assets managed;

Have a purely instrumental character, meaning that they are owners (mere holders) of assets, but do not perform asset management activities of a commercial or financial nature;

Have been incorporated in certain higher risk jurisdictions without apparent economic justification (vehicles off-shore corporations, shell companies, intervention of nominal holders etc.);

Carry out operations, including payments and collections, without a clear connection with the purpose of the trust;

Are configured as an asset protection trust.

Conclusions: The money laundering vulnerability relating to trusts and other legal arrangements is considered significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as lowly/moderately significant (1/2), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: the estimated risk level for terrorist financing is MEDIUM and for money laundering VERY HIGH.

Many threats and vulnerabilities for money laundering have been identified in relation to (domestic and foreign) trusts and similar legal arrangements. They are to be considered as lucrative tools to lauder the proceeds of crime. Considering also the weaknesses in the mitigating measures, the level of money laundering risk is assessed as very high.

In contrast, there is little evidence that trusts and similar legal arrangements have been misused for the purpose of financing terrorism. However, their secrecy and the possibility to use them in combination to legal entities make trusts and similar legal arrangements vulnerable to abuse for terrorist-financing purposes. Thus, the level of risk here is assessed as medium.

Mitigating measures

In light of the above-mentioned risks and vulnerabilities, it is essential to stress that the integrity of the EU financial system depends on the transparency of trusts and similar legal arrangements.

For this reason, the EU has always been committed to implement an effective AML/CTF framework, specifically targeting the main issues related to trusts and alike arrangements.

In this context, and going beyond 2012 FATF Recommendations, since 2015 the EU adopted:

Directive (EU) 2018/843 184 , the 5th AMLD (Amendments to the 4th AMLD);

Regulation (EU) 2015/847 on information on the payer accompanying transfers of funds 185 in order to make fund transfers more transparent and to help law enforcement authorities to track down terrorists and criminals;

Directive 2018/822/EU 186 which requires intermediaries to submit information on reportable cross-border tax arrangements to their national authorities comes into effect as from 2020.

In particular, Article 31 AMLD requires trustees or persons holding an equivalent position in a similar legal arrangement to:

Obtain and hold adequate, accurate and up-to-date information on the arrangement’s beneficial ownership;

Disclose their status and provide information on the arrangement’s beneficial ownership to obliged entities in a timely manner;

Submit information on the arrangement’s beneficial ownership to the central beneficial ownership register set up in the country where the trustee is established or resides, or the country where the arrangement enters into a business relationship or acquires real estate when the trustee is established or resides outside the EU; and

Provide proof of registration in the central beneficial ownership register or an excerpt of it when wishing to enter into a business relationship in another Member State.

The AMLD also obliges Member States to establish effective, proportionate and dissuasive measures or sanctions for breaches of the above obligations.

Based on the information reported by the Member States, the above mentioned obligations have been implemented or are in the process of being implemented. However, implementation has been particularly problematic in relation to art. 31 AMLD para. 1, 2, 3, 4, 5, 7, 9.

Further, violations of CDD and reporting obligations by trust companies and services providers (TCSPs) have been reported in Member States. Such breaches of EU and national AML regulations included lack of identification of the clients; lack of identification of beneficial owners; and lack of reporting suspicious transactions 187 .

Therefore, the following mitigating measures remain a priority for Member States and competent authorities:

·Carry out a review of arrangements that can develop by virtue of law or legal tradition to ensure that all persons managing trust-like arrangements are requested to report the natural persons that are parties to the legal arrangement (or beneficiaries to those parties) to the register of beneficial ownership of trusts and similar legal arrangements.

·Develop a methodology for the risk assessment of legal arrangements.

·Ensure that beneficial ownership registers are fully populated and that there are mechanisms in place so that the information they contain is adequate, accurate and up-to-date.

·Provide outreach / training sessions to obliged entities on identification of beneficial owners and risks associated with business relationships and occasional transactions with legal arrangements, with a focus on non-face-to-face business relationships, offshore professional intermediaries and non-EU customers.

·Supervisors should conduct thematic inspections on how beneficial ownership identification requirements are implemented.

·As regards offshore trusts, consideration should be given to introducing

othe obligation for holders of foreign trusts to declare them in their Member States (if this obligation does not yet exists);

omore strict reporting requirements for transactions with foreign trusts, and

oenhanced international cooperation.

2. Nominees 188

Product

Nominees

Sector

Non-financial products

Description of the sector

Having in mind the distinction between informal nominees (e.g., strawmen) and formal nominees (i.e., nominee directors and nominee shareholders 189 ), this fiche covers the latter category only.

A nominee director exercises the functions of the director in the company on behalf of (and subject to the instructions of) the nominator. The nominee typically signs a general power of attorney giving the nominator full power to manage the entity and generally also provides a signed and undated letter of resignation to further protect the nominator’s anonymity 190 .

A nominee shareholder exercises the associated voting rights according to the instructions of the nominator and receives dividends on behalf of the nominator. Because the identity of the nominator is not evident, the identity of the person behind the nominee shareholder can be concealed.

According to an investigation conducted by The Guardian, more than 21,500 companies worldwide used 28 nominee directors located in a few jurisdictions who played a key role in concealing hundreds of thousands of commercial transactions. They sold their names with addresses located all over the world for use on official company documents to appear as directors of those companies 191 . Also, literature reports that “due to the need for secrecy and deceit in money laundering, it is likely that many of these companies are engaged in some sort of criminal activity” 192 .

Legally, nominees are responsible for the operation of the company, and accept the legal obligations associated with company directorship or ownership in the country in which the company is incorporated 193 .

The providers of trust and company services (TCSP sector) are likely to provide nominee and directorship services, among others, to third companies 194 .

The law on nominees changes from one Member State to another and no exhaustive overview exists at EU level. A partial view can be derived from information submitted to the Commission by Member States, which indicates that nominee directors are not allowed in 12 Member States 195 and explicitly allowed in one Member State 196 only, while some other Member States 197 do not recognise or define the role explicitly. With reference to nominee shareholders, 8 Member States 198 allow them, while 7 199 do not. Some others do not recognize or explicitly define the concept 200 .

Threat

Terrorist financing

In general, there is little evidence to date that formal nominees have been misused for the purpose of financing terrorism. They do not appear to be particularly attractive to groups that carry out TF activities.

Conclusions: The terrorist financing threat relating to nominee services is considered lowly/moderately significant (level 2).

Money laundering

Nominees have been used to disguise ownership and control, or to circumvent laws designed to manage foreign business ownership and foreign trade.

According to a FATF study, FIUs and law enforcement agencies report the use of nominee services by known criminals and individuals who have been prohibited from serving as a director of a company due to previous malfeasance. Criminals have been known to recruit people with no criminal history to perform these roles, or who agree for their details to be recorded in these positions. The presence of nominee directors and shareholders in company records can also affect law enforcement investigations by delaying the identification of the beneficial owner, or by creating false links between companies that share nominees 201 .

Nominees are also often provided as a service in offshore situations. In this case, third-party nominee services are often used as a means to protect the confidentiality of a nominator whose name can be kept off company registration documents and public registries 202 . In many cases, the nominator will maintain some level of direct control in a scheme, but usually by means of an intermediary or a nominee 203 . This could include shareholders and directors, such as spouses, children, extended family, and other personal or business associates.

The Panama Papers and other recent scandals have shown how nominees can be misused to disconnect the assets from their real owner and disguise the identity of the beneficial owner 204 .

Nominees can be involved in the structure of shell companies. Although no formal definition exists of shell companies, they are generally understood as not carrying out any substantial economic activities. They can be supported by means of TCSPs and nominee directors whose role in the management and direction of the company is limited 205 .

Nominees can be involved also in private interest foundations (PIFs), which are “vehicles offered by code law nations and some common law countries for tax management, estate planning purposes, asset protection, and as an alternative to trusts” 206 . Finally, the use of nominees by companies in the gambling and betting sectors 207 , as well as in employee share schemes 208 , has been reported.

In contrast, a decrease in the provision of nominee services by investment funds has been registered by the European Banking Authority 209 .

Case Study – Luxembourg 210

International Company A headquartered in an EU jurisdiction made corrupt payments to a government employee using nominee director services and international transactions in the following way:

International Company B was registered in a foreign jurisdiction, with a government employee as the beneficial owner.

International Company B used nominee shareholders and directors provided by TCSPs, thereby permitting the concealment of the government employee’s identity.

Payments were made via a European bank account of a subsidiary of International Company A to another of its accounts in Eastern Europe, and via an enterprise registered in Asia. These funds were then paid into bank accounts in a foreign jurisdiction.

·The funds were transferred from the bank accounts in foreign jurisdiction to a Luxembourg bank account of International Company B, to which the government employee had access (being the BO).

.

Nominees acting on behalf of PEPs 211

A politically exposed person (PEP) wants to invest in a property in France. Its objective is to invest while protecting its identity throughout the purchase process. The PEP proceeds to the purchase of a property in France via a Société Civile Immobilière (SCI) 212 domiciled in country B. The procedures for acquiring the property are then carried out by a nominee who is a national of country A, specializing in real estate investments. The nominee represents the SCI at the signing of the deed. The funds relating to the purchase reach the notary via a bank account located in country A. The anonymity of the beneficial owner is preserved by this scheme.

Nominees and organized crime 213

Thanks to an investigation carried out in Italy, it was discovered that nominees were linked to companies established for money-laundering purposes by organized crime. 12 million euros value assets was confiscated by the Italian judicial authority.

A range of service providers are known to offer formal nominee services, including legal and accounting professionals, TCSPs, and professional nominees (people who rent their identification information to companies for nominee purposes only, but provide no additional services to the company) 214 . The case study below demonstrates how a TCSP provided nominee directorship services for over 1000 companies on behalf of foreign clients. Authorities suspected that such schemes facilitated crimes in foreign jurisdictions, including the smuggling of illegal goods, arms smuggling, tax fraud, investment fraud and money laundering 215 .

Conclusions: The money laundering threat relating to nominee services is considered very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerabilities posed by formal nominees has been considered together with money laundering schemes related to formal nominees given that ways in which nominees could be misused for terrorist financing purposes would be the same as those in which they could be misused for money laundering.

Conclusions: The terrorist financing vulnerability relating to nominee services is considered significant (level 2).

Money laundering

Based on the above, it becomes clear that the availability and use of formal nominee services are vulnerable to exploitation for the purposes of disguising beneficial ownership. As noted by the FATF, “nominees have been identified as a central enabler of indirect ownership chains” 216 .

Nominee services can be used to facilitate money laundering 217 , tax evasion, and corruption. The globalisation of trade and communications has only increased this threat, and countries now face the challenge of enforcing national laws in a borderless commercial environment 218 . Indeed, as the FATF notes, “nominee directors and shareholders are a key vulnerability. The role of the nominee, in many cases, is to protect or conceal the identity of the beneficial owner and controller of a company or asset. A nominee can help overcome jurisdictional controls on company ownership and circumvent directorship bans imposed by courts and government authorities. While the appointment of nominees is lawful in most countries, the ongoing merits of this practice are questionable in the context of the significant money laundering and terrorist financing vulnerabilities associated with their use” 219 .

Conclusions: The money laundering vulnerability relating to nominee services is considered very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as lowly/moderately significant (2), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the levels of threat and vulnerability have been assessed as very high (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Many threats and vulnerabilities for money laundering have been identified in relation to the use of formal nominees. They are to be considered as lucrative tools to launder the proceeds of crime. Further, there is the risk that the current EU definition of beneficial owners leaves a loophole allowing for nominees acting as company directors to be reported as beneficial owners 220 . Therefore, the level of money laundering risk is assessed as very high.

In contrast, there is little evidence that formal nominees have been misused for the purpose of financing terrorism. However, the possibility to use them in combination to legal entities make nominees vulnerable to abuse for terrorist-financing purposes. Thus, the level of risk here is assessed as medium.

Conclusions: estimated risk level for terrorist financing is MEDIUM and for money laundering VERY HIGH.

Mitigating measures

Under the AML Directive, nominees have not been regulated. Even if not explicitly mentioned, nominee directors and nominee shareholders are included in the services provided by a trust company service provider as per article 3(7) of AMLD5. Furthermore, under Annex III of the AMLD “companies that have nominee shareholders” are to be considered as one of the customers risk factors of potentially higher risk that obliged entities should take into account when performing CDD.

As mentioned in the description of the sector, in many Member States the use of nominee shareholders is not possible in light of the specific provisions of national company law. At the same time, proxy services that resemble nominee arrangement remain possible. Given the measures already implemented at EU level in terms of company and beneficial ownership transparency, the usage of formal nominee arrangements is more limited than other company services 221 . At the same time, overseas companies created under laws that allow nominee arrangements still present unaddressed risks. When it becomes possible to run such companies through offices in the EU, these risks enter the internal market.

In order to mitigate risks from nominee arrangements, Member States and competent authorities should:

·Provide that the status of nominee director, or proxy director, is disclosed as public information 222 .

·Provide guidance/outreach to obliged entities to ensure they are able to detect nominee relationships in the ownership/control structure of their corporate clients.

·Monitor the business population to assess the prevalence of nominee relationships in companies’ structures.

3. Companies 223

Product

Companies

Sector

Non-financial products

Description of the sector

According to the latest available statistical data 224 , about 22,5 million companies exist in the EU. Companies can be classified in different categories according to their size. The European Union economy mainly relies on SMEs, which represent 99% of all business in the EU 225 . 94% of these companies is independent, meaning that they are neither controlled by another company nor do they control themselves another company 226 . According to a study conducted by Eurostat in 2015, dependent companies (those that are controlled by another company and/or control themselves another company, and thus belong to a group of companies) are important in terms of employment and turnover, especially in Denmark, Estonia, Latvia, Finland, Sweden and Norway. Therefore, a large proportion of total growth created by SMEs can be attributed to dependent companies 227 . Finally, in 2015 1.6 % of companies that were dependent companies belonged to an international group. Those companies contribute highly in terms of employment and turnover especially in Estonia, Latvia, Netherlands, Portugal, and Romania 228 .

It is relevant to distinguish between partnerships and corporations 229 . In a partnership, all partners specified in the partnership contract exercise ownership and control. In contrast, the capital participation of shareholders is the focus of capital companies 230 .

In a partnership, the absence of legal segregation between the natural persons and an independent legal person allows the direct exercise of management by the partners. This reduces the ability to misuse a partnership to disguise beneficial ownership 231 .

Unlike partnerships, corporations are separate legal entities and are often controlled and owned through shares, which can be transferred and sold regularly without affecting the existence of the capital company itself. A company’s legal personality allows it to conduct business and own assets under its own name, assuming all rights and being liable for all debts and obligations it enters into. This legal structure allows a natural person to take part in business without disclosure of their personal identity. Even though shareholders own the company, usually they are not actively involved in management functions, but instead elect or appoint a board of directors to manage the company in a fiduciary capacity. Such types of contract are usually not publicly available, thus allowing room to exploit nominees and obscure true ownership and control arrangements in order to obscure beneficial ownership 232 .

Complex ownership and control structures in themselves are not unlawful. Often, these corporate structures serve legitimate purposes and facilitate a wide range of commercial activities, entrepreneurial ventures, and the management of personal finances. Complex ownership structures can simplify business transactions for companies that regularly trade transnationally, provide services to international clients, or conduct parts of a company’s operations (such as manufacturing or research and development) in another country. However, complex structures can also be used to obscure beneficial ownership, avoid taxation obligations, conceal wealth, and launder the proceeds of crime. The majority of cases that involved tax evasion, fraudulent investment schemes and fraud also utilized complex structures to conceal beneficial ownership 233 .

It is important to consider shell companies and front companies. Shell companies can be detected through a number of characteristics and indicators, including the use of only a post-box address, a lack of personnel, and a lack of payments in taxes and/or social benefit payments. Furthermore, many shell companies do not have a physical presence, and are geographically anchored through the use of TCSPs and nominee directors whose role in the management and direction of the shell company is limited 234 . A front company is a fully functioning company, with assets, income, expenses. Any functioning company can be a front company, but the most common form of front company is one that operates in the customer service industry (such as a restaurant, night club, or salon) as these businesses commonly handle cash 235 .

Finally, offshore companies should be considered. This term describes a company with share capital, governed by private law, incorporated under foreign law and with legal personality that does not develop any economic activities within the jurisdiction in which the place of incorporation and/or registered office of the company is located, and of which the actual titleholder or holders resides or reside in a country other than where the company is established 236 . Moreover 237 :

the government in the country of incorporation may not levy direct tax (although the offshore company is obliged to pay a fixed annual amount to the government);

the offshore company may not have its own physical office address, personnel, means of communication and such;

the offshore company may have an agent in the country of establishment (registered agent) and office address (registered office);

the offshore company may be managed and administered by an employee of a local trust or law firm;

often transactions take place only between affiliated companies within the same organizational structure.

Threat

Terrorist financing

There have been instances where companies have been abused for terrorist financing purposes (for example, in Ireland). Funds generated by criminal activities have been laundered through cash enterprises, such as licensed premises and security companies or in the form of “loans” to businesses. These were often fronted by persons with no obvious affiliations to terrorist groups and whose involvement in terrorist financing was found after investigation 238 .

Case involving terrorist financing via foundations established in the Netherlands 239

In November 2019, six men were arrested as part of an international investigation on terrorist financing in the Netherlands and Belgium. They had allegedly handed over funds to ISIS fighters or affiliated persons in Turkey and Syria in 2013-2014, where these funds had previously been collected via a foundation with the aim of helping war victims. There is reason to believe that the Dutch foundation raised at least EUR 200,000 in donations by organizing various gatherings and benefit activities. More than EUR 130,000 of this amount was allegedly withdrawn in cash and taken to Syria by the suspects.

.

Conclusions: The terrorism financing threat relating to companies is considered moderately significant/significant (level 2/3).

Money laundering

As highlighted in the latest European Union Serious and Organised Crime Threat Assessment (2021 EU SOCTA) 240 “legal business structures such as companies or other entities are used to facilitate virtually all types of criminal activity with an impact on the EU. Criminals directly control or infiltrate legal business structures in order to facilitate their criminal activities. All types of legal businesses are potentially vulnerable to exploitation by serious and organised crime. More than 80 % of the criminal networks active in the EU use legal business structures for their criminal activities. About half of all criminal networks set up their own legal business structures or infiltrate businesses at a high level.

One of the factors that might contribute to a higher frequency of misuse of a particular type of legal person is the absence of accurate and up-to-date information on its ownership and management.

According to a joint study of the Financial Action Task Force (FATF) and the Egmont Group, “legal persons, specifically companies, are prominent features of most schemes and structures designed to obscure beneficial ownership. […] The separation of legal and natural personalities offered by companies is a key feature influencing this popularity” 241 .

Complex structures can also be used to obscure beneficial ownership, avoid taxation obligations, conceal wealth 242 , and launder the proceeds of crime. The majority of cases that involved tax evasion, fraudulent investment schemes and fraud also utilized complex structures to conceal beneficial ownership 243 . It has also been reported that “the use of shell companies in complex corporate structures designed to disguise beneficial ownership is a consistent and enduring technique used by criminal groups, corrupt individuals, and complicit professionals. The increased availability of shell companies to foreign nationals, which has been made possible by the growth of global communications and the convergence of international trade markets, has exacerbated this issue” 244 .

Front companies can be exploited to launder the proceeds of crime through the integration of illegitimate funds with legitimate income, often hiding the illegitimate funds as cash sales made during the course of business. These funds can then be transferred to the beneficial owner via bank account deposits or payments of false expenses 245 .

A front company may be involved in legitimate trading activity. The primary risk indicator is usually the cash-intensive nature of the company – where goods and commodities would be mostly paid for in cash and exported before being re-exported between different countries. In these cases, the services of a complicit bookkeeper or accountant may be used to legitimize criminal cash flows through false invoices, receipts and accounts. Financial statements can also be falsified to account for the cash flows 246 .

Finally, offshore companies can also constitute a threat 247 , especially when the fact of being incorporated abroad is a threat for transparency by obfuscating the exchange of information. As described above, offshore companies are often lacking real economic activity in the jurisdiction of incorporation. This, together with the high number of intra-affiliated-companies transactions, could increase the risk for such companies of being used as mere vehicles for money laundering purposes.

Front companies Luxembourg 248

An alleged mafioso was nominated as managing administrator of a small private limited liability company (SARL). This person was nominated without a notarised deed, which means that his name was added in a small statute change after the creation of the SARL; the notary himself was not implied in these changes. When preparing such deeds, notaries check the identity of the beneficial owner.

.

Fictitious company turnover 249

A person involved in cannabis cultivation started a taxi company with 12 taxis with the aim of laundering the criminal proceeds. Private loans and turnover were falsified via the company. The stated turnover did not correspond with the data recorded by the taximeters.

.

The Netherlands 250

International company A headquartered in The Netherlands paid corruption funds to a government employee via letter box companies. An international company was registered in an international jurisdiction, with a government employee listed as the beneficial owner but with nominee shareholders and directors. Payments were made via a Dutch bank account of a subsidiary of the international company to an account of the international company in Estonia and via an enterprise registered in Hong Kong, after which these funds were paid into bank accounts in a foreign jurisdiction and from there to a Luxembourg bank account of the international company. Bribes were also paid to charities that were directly associated with government employees. In order to account for the bribes, false invoices were entered in the accounting records.

.

Multi-national group (within and outside the EU) 251

Embezzled public funds worth RUB 300 million (Russian rubles) (USD 11 million) were transferred from the account of Company K to the account of Company R. Company R, a Delaware corporation, was owned and managed by the Russian wife of the suspect, a state official. The same day, Company R transferred USD 11 million as a loan to an account of Company A (BVI) held by a Cypriot bank. Company A then transferred more than USD 11 million to the Company D (US) to purchase real estate in France. Company D transferred more than USD 12 million to a French Notaries Bureau. Information from the FIU of Luxembourg showed that one of the US banks acted as a guarantor for the suspect’s wife in a transaction to purchase of shares of a French company – and the holder of the real estate. The transaction was conducted via an S.S. company – a French subsidiary of a Luxembourg S.D. SA., incorporated and owned by the same individual.

Analysis showed that these two chains were interrelated and the real estate was purchased with the proceeds of public funds embezzled for the benefit of the state official’s wife.

.

Conclusions: The money laundering threat relating to companies is considered very significant (level 4).

Vulnerability

Terrorist financing

Criminals may have intentions to exploit these structures for international and domestic terrorist financing purposes. There has been little evidence of their misuse 252 . However, the recent update to FATF/EGMONT report notes that, in practice, trade-based terrorism financing schemes can and do rely on the common trade-based money laundering techniques 253 . Risks of trade-based terrorism financing are likely to materialize as terrorist groups increasingly adopt the operational methods of organised crime groups.

Conclusions: The terrorism financing vulnerability relating to companies is considered moderately significant/significant (level 2/3).

Money laundering

It can be seen that all cases analyzed above involved the use of a company, which indicates that these vehicles are significantly attractive for misuse.

A range of characteristics have been identified which allow companies to be exploited to hide beneficial ownership information. Key techniques used to this purpose can be categorized as follows 254 :

generating complex ownership and control structures through the use of legal persons and legal arrangements, particularly when established across multiple jurisdictions;

using individuals and financial instruments to obscure the relationship between the beneficial owner and the asset, including bearer shares, nominees, and professional intermediaries; and

falsifying activities through the use of false loans, false invoices, and misleading naming conventions, fictitious turnover 255 .

Shell companies and front companies feature prominently in most complex structures identified by FIUs and other competent authorities 256 .

The use of numerous legal persons or arrangements within a single legal structure, numerous bank accounts and nominee directors, can significantly impair efforts by FIUs, other competent authorities, and financial institutions to identify and verify the beneficial owner. This is further frustrated when legal ownership structures span numerous jurisdictions 257 .

Cash-intensive companies, such as catering or retail, nail salons, hairdressers or ice cream parlours, can be misused to provide cover for the source of otherwise inexplicable quantities of cash. In most cases, such businesses are used as a legitimate source of income to facilitate the mixing of illicit funds with legal proceeds 258 . These businesses may be owned by the criminal or by the criminal’s straw men. Not only can all business investments be paid for with the criminal cash, but the company turnover can also be falsified. Criminal cash can be mixed with the legal turnover of the company, after which the total amount is reported to tax authorities as the achieved turnover 259 .

Criminals use trade-based money laundering to justify the movement of criminal proceeds through banking channels, for example, via letters of credit and invoices, or through the use of global transactions, often using false documents for the trade of goods and services. It can potentially allow the rapid transfer of large sums camouflaged as a legitimate economic transaction 260 .

Law enforcement authorities and FIUs report that although trade-based money laundering schemes require moderate levels of technical expertise and knowledge, they have been frequently used by organized criminal groups because they are generally quite accessible, have low costs and are relatively easy to exploit 261 .

The analysis above suggests that where organized criminal groups have connections to a jurisdiction, they may seek to move illicit proceeds to and from that jurisdiction to facilitate offending, often in relation to drug offences.

Conclusions: The money laundering vulnerability relating to companies is considered very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant/significant (2/3), while the level of vulnerability has been assessed as moderately significant / significant (2/3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as highly significant (4), while the level of vulnerability has been assessed as highly significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

In light of the above, the overall level of money laundering risk for companies, from both domestic and international sources, is considered very high.

The overall level of terrorist financing risk for companies, from both domestic and international sources, is considered medium.

Conclusions: the estimated risk level for terrorist financing is MEDIUM and for money laundering VERY HIGH.

Mitigating measures

In light of the above-mentioned threats and vulnerabilities, it is essential to stress that the integrity of the EU financial system depends on the transparency of legal persons.

For this reason, the EU has always been committed to implement an effective AML/CTF framework, specifically targeting the main issues related to companies.

In this context, and going beyond 2012 FATF Recommendations, since 2015 the EU adopted:

Directive (EU) 2018/843 262 , the 5th AMLD (Amendments to the 4th AMLD);

Regulation (EU) 2015/847 on information on the payer accompanying transfers of funds 263 in order to make fund transfers more transparent and to help law enforcement authorities to track down terrorists and criminals;

Directive 2018/822/EU 264 , which requires intermediaries to submit information on reportable cross-border tax arrangements to their national authorities comes into effect as from 2020.

In particular, Article 30 AMLD provides that:

Companies should obtain and hold adequate, accurate and current information on the arrangement’s beneficial ownership;

Companies should provide information about their legal owner and the beneficial owner to obliged entities when the obliged entities are taking customer due diligence measures;

The information mentioned above should be accessible in a timely manner by competent authorities and FIUs;

The information mentioned above, as adequate, accurate and current, should be held in central register.

The AMLD also obliges Member States to establish effective, proportionate and dissuasive measures or sanctions for breaches of the above obligations.

Based on the information reported by the Member States, the above mentioned obligations have been implemented or are in the process to be implemented.

As risks emanating from legal persons remain high, the AML Package of July 2021 provides for a number of measures aimed at mitigating those risks. In the meantime, Member States and competent authorities should prioritise the following mitigating measure:

·Carry out a risk assessment of ML/TF risks associated with legal persons and regularly review it.

·Ensure that beneficial ownership registers are fully populated and that there are mechanisms in place so that the information they contain is adequate, accurate and up-to-date.

·Provide outreach / training sessions to obliged entities on the identification of beneficial owners and on the detection of discrepancies between the information collected in the context of customer due diligence and the information reported by legal entities to the register of companies’ beneficial ownership.

·Conduct thematic inspections on how beneficial ownership identification requirements are implemented by obliged entities.

·Ensure that obliged entities are aware of risks associated with legal persons, particularly in the context of non-face to face business relationships, and when dealing with non-EU legal entities and require that in those cases obliged entities pay particular attention to the corporate structure of the client to ascertain who ultimately owns or controls it.

Last but not least, the Commission has also presented a proposal to combat the use of shell entities in the EU laying down the rules to prevent the misuse of companies for tax purposes and amending Directive 2011/16/EU 265 .

4. High value goods – artefacts and antiquities

Product

High value goods – artefacts and antiquities (high end of the art & antiquities market)

Sector

High value dealers

Description of the risk scenario

Quite a number of EU Member States already include a separate chapter within their National Risk Assessment (NRA) devoted to the art and antiques sector (among others, Finland, France, Germany, …). Their comments ad perceptions, and also those coming from extra-EU States, like Switzerland or the United Kingdom, have been taken into consideration when drafting this assessment.

Terrorist financing

Perpetrators earn revenue from the sale of looted artefacts and antiquities. The trafficking in cultural goods is among the biggest criminal trade categories, estimated 266 at possibly the third or fourth largest category. However there are hardly any statistics showing the actual magnitude of trafficking of artefacts and antiquities, neither on the licit market nor on the illicit market(the specific feature of this illicit trade being that the legal and the illicit trade are sometimes interwoven) 267 . Although cultural goods trafficking is a global phenomenon, there are no comprehensive figures on its global extent. Many crimes remain invisible in the statistics, such as those concerning artefacts and antiquities that have not been previously recorded or inventorised, for example illegally excavated antiquities.

Nevertheless, according to Interpol, the black market in works of art is becoming as lucrative as those for drugs, weapons and counterfeit goods 268 .

The information dossier that UNESCO produced for the 40th anniversary of the 1970 Convention states that, together with the drugs and armaments trades, the black market in antiquities and culture constitutes one of the most firmly rooted illicit trades in the world 269 .

The value of the illegal antiquities traffic is also hard to assess 270 due to its invisible and seamless character 271 . It is estimated that only 30-40 % of antique dealings take place through auction houses where the pieces are published in catalogues 272 . The rest occurs through private (thus often unmonitored, and not recorded) transactions 273 .

Some studies suggest that the total financial value of the illegal antiquities and art trade is larger than any other area of international crime except for arms trafficking and narcotics 274 and has been estimated at $3-6 billion per year 275 .

As regards the dimension of the licit art market, the Art Basel 2022 report 276 estimates:

·Global sales of art and antiques reached an estimated $65.1 billion, up by 29% from 2020, with values also surpassing pre-pandemic levels of 2019.

·The online market continued to expand in 2021, growing by 7% to reach an estimated $13.3 billion. Online sales accounted for 20% of sales in the art market, down by 5% in share year-on year but still more than double the level of 2019 (9%).

·The US market retained its leading position, shifting up slightly to 43% of worldwide sales by value. Greater China was the second-largest art market with 20%, while the UK slipped back to third place at 17%.

·Outside of the art market’s $65.1 billion in turnover, sales of art and collectibles NFTs saw substantial growth in 2021. External sales in these two categories on NFT platforms on the Ethereum, Flow, and Ronin blockchains have grown from $4.6 million in 2019 to $11.1 billion in 2021. The value of sales for art-related NFTs expanded over a hundredfold year-on-year reaching $2.6 billion.

The art market today, especially at the top end, is highly global. For example, a gallery located in Amsterdam might represent and artist from Germany and sell to an American collector. Although China is now one of the leading countries in terms of auction sales, the globalized art world is still centred around the West, with the key cities being New York and London, with Hong Kong coming in third place 277 . Links between the antiquities trade and drug, wildlife and arms trafficking, money laundering and tax evasion and the financing of armed conflicts and terror organisations have been widely reported, which puts antiquities trafficking on the level of serious transnational organised crime.

Money laundering

Perpetrators convert proceeds of criminal activities into antiques and art goods to store or move these assets more easily 278 .

Art is comparable to a commodity, and as such it can be used in trade-based money laundering to transfer value to others or across borders. In this manner, proceeds of crime can be moved or transferred without using a bank to simply transfer funds that criminals know are monitored for suspicious activity. Here is an example of how art is used for trade-based money laundering: Criminal A sells an inexpensive piece of art to Criminal B but issues an invoice to B for US$1 million. B then wires US$1 million to A and both can then legitimize the money transfer using the invoice 279 .

Furthermore, criminals typically enjoy luxury possessions, which can include artwork.

The art market can be attractive for money laundering due to a number of peculiar features:

Discretion has always been a distinctive feature of the art market.

Use of intermediaries/proxies for transactions is quite common.

Art market is intrinsically an international market.

Due to their peculiar nature, some works of art can reach extremely high prices without raising attention (e.g. paintings, archaeological goods, etc.). Money launders can exploit this feature. Since their main objective is only to convert illicit funds into clean assets they do not follow an economic rationale for transactions, it means that they may boost prices overestimating goods.

Purchasing a work of art legitimizes cash and converts it into an asset that increases value and can be sold at a later stage.

The impact of COVID-19

Auction houses and art dealers are, like many other sectors, responding to the COVID-19 crisis by shifting operations online. The increased use of digitalised sales platforms has opened up art sales to a greater number of potential buyers across the globe. Thus the effect of COVID-19 has led to heightened risk of abuse of the art market, with the increased use of online platforms and fraudsters seizing the opportunity to exploit businesses through the possible recourse to anonymous transactions.

Threat

Terrorist financing

Links between the antiquities trade and drug, wildlife and arms trafficking, money laundering and tax evasion and the financing of armed conflicts and terror organisations have been widely reported, which puts antiquities trafficking on the level of serious transnational organised crime.

The assessment of the terrorist financing threat posed by the trafficking of looted artefacts and antiques 280 shows that law enforcement agencies have identified cases of trafficking of looted antiquities within the EU. Several investigations have been conducted by Member States’ law enforcement agencies where underlying trafficking in goods taken out of conflict zones 281 via involvement of far east countries was used to hide more easily the provenance of goods. The share of the illegal market should, of course, be considered but is by definition difficult to detect. From the national studies conducted so far, it appears that the main threat comes from looting of antiquities in countries outside the EU, notably in conflict zones such as Syria, and the terrorist organisations that control the territory then imposing taxes on these activities. Terrorist groups are supposed to be involved in granting “licenses” for excavations and facilitating the movement of artefacts out of the origin territories through smuggling routes used for other illicit commodities. For example, ‘rather than trading artefacts, Islamic State is earning money from selling digging permits and charging transit fees’ 282 . However, terrorists may also sell the products themselves to obtain revenues, as shown by primary evidence collected by the US 283 . and as acknowledged by the United Nations Security Council 284 .

Looting of archaeological goods is supposed to be the most used mechanism to generate ill-gotten funds for the financing of terrorism. Crisis areas often include vast territories rich in archaeological heritage that are constantly looted with the aim of collecting valuable artefacts to be smuggled into EU countries with large antiquities markets (e.g. Germany, Belgium, The Netherlands, etc.). US and UAE are also considered regional hubs for illegal antiquities trading.

These goods are provided with fake documents of origin in order to infiltrate the legitimate art market. Considering that these goods have never been recorded anywhere, once they are provided with a false back-story any check about their legitimacy is almost impossible.

It is worth mentioning that the above scenarios have not been confirmed by judicial evidence. Although the smuggling of archaeological goods from crisis zone into the EU has been demonstrated by several investigations, lack of cooperation with source countries has not allowed to collect enough evidence to demonstrate the link between this trafficking and terrorist groups.

The majority of the objects stolen by or with the support of terrorists in some conflict areas are small/medium size items which come from illegal excavations, making it even harder for the law enforcement agencies to establish the provenance and to prove that a certificate is fake, especially for small items.

Since the products might be sold in the EU by intermediaries, there is an indirect though concrete risk of financing terrorism.

From the intent and capability point of view, this risk scenario represents a financially viable option considering that looting of artefacts may generate a substantial amount of revenue. However, it is not an easy method. It requires (in the source countries): access to the illegal/dark economy (the items being then often laundered and mixed with legal circuits in the destination countries); technical expertise; and knowledge of the art market, which is not in all terrorist groups‘ capability. Furthermore, transporting such products is not secure or discrete enough and converting them into cash requires time to plan, which is not consistent with most terrorist groups‘ needs to access cash quickly.

Conclusions: At this stage, there is limited evidence that the trafficking of looted artefacts and antiques would be specifically used to finance terrorist activities in the EU. However, it is an attractive source of revenue for organisations controlling territory in conflict zones that intend to finance terrorist activities in the EU. Nevertheless, the level of knowledge, expertise and planning capabilities required reduces the level of threat. The level of terrorist financing threat related to the trafficking of artefacts and antiques is therefore considered as moderately significant (though increased due to the situation in the Middle East and North Africa and the fact that the disappearance of the territorial ‘Caliphate’ — which had institutionalised the looting — does not stop the continuation of some low-scale looting). Also, cases of looting of art and antiques following the invasion of Ukraine are currently being investigated. (level 2).

Money laundering

The art market is attractive for the commission of other proceed-generating offences, e.g. art forgery, art theft, fraud, tax evasion or corruption.

The assessment of the money laundering threat posed by the trafficking of looted artefacts 285 and antiques shows that this risk scenario may be interesting to organised crime groups, as these ‘products’ can be converted into cash and/or used to launder the proceeds of crime or evade tax. Law enforcement agencies consider that this kind of traffic occurs mostly in Free zones 286 and that this makes it more difficult to measure the extent of the phenomenon. Some criminal networks have attempted to pass off counterfeit goods as stolen pillaged antiquities and have provided fraudulent provenance of the items.

Conclusions: This risk scenario may be an attractive tool for organised crime groups to convert the proceeds of crime in clean cash. However, it requires high level of expertise and is not a secure activity for them. The level of money laundering threat related to the trafficking of artefacts and antiques is therefore considered as moderately significant (level 2).

Similar conclusions appear in a recent study by the US Department of the Treasury 287 . The report finds that while there is some evidence of money laundering risk in the high-value art market, there was limited evidence of terrorist financing risk. It also remarks that the participants most vulnerable to money laundering in the art market are businesses that offer financial services, such as art- collateralized loans, but are not subject to comprehensive anti-money laundering/countering the financing of terrorism (AML/CFT) obligations. Asset-based lending can be used to disguise the original source of funds and provide liquidity to criminals.

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability posed by the trafficking of looted artefacts and antiques shows that this risk is currently only an emerging but that it may increase in the short term. Looted goods may be introduced on the EU territory in the current climate. For example, some small stolen artefacts/coins may be sold by home grown radicalised people returning to the EU in quantities that are possibly too small to be detected or even prosecuted.

a) risk exposure

Investigations show that antiquities are offered to EU collectors from various non-EU countries, generally through internet auction sites or specialised online stores. Terrorist organisations may use concealment measures, such as IP-address spoofing, which makes it difficult to identify and determine the actual location of the seller. Exploitation of social media is also identified as more and more frequent tool so as to cut out the middleman and sell artefacts directly to buyers.

Preference is given to cash transactions (sometimes for high amounts) but online transactions are also widespread with no possibility for the financial institution to identify to real owner/buyer of the antiquities. There is no specific monitoring of the transactions.

b) risk awareness

According to law enforcement agencies, a large part of the illicitly traded cultural artefacts worldwide either do not arrive on EU territory or remain undetected. This tends to demonstrate that competent authorities and financial intelligence units visibility in this matter is very low. Most obliged entities are not obliged to carry out any record keeping (e.g. on the origin of artefacts or to whom they are sold) and there is no reporting 288 . Law enforcement and customs authorities have difficulties detecting the illicit origin of cultural artefacts.

c) legal framework and controls

AML framework: under the EU’s current anti-money laundering framework, individuals trading in goods are subject to relevant EU requirements when they receive payments in cash of an amount of EUR 10 000 or more. This requirement focuses on payments in cash and does not consider risks of other types of payment transactions.

The current EU anti-money laundering framework (the 4th AMLD as amended by the 5th AMLD) now targets individuals that trade in works of art and considers them as obliged entities when they trade or act as intermediaries in the trade of works of art. This includes people involved in storing, trading or acting as intermediaries in the trade of works of art when carried out by free ports.

Ad hoc EU trade prohibitions: the EU has adopted ad hoc measures for the import of cultural goods into its customs territory from Syria and Iraq. Council Regulation (EC) No 1210/2003 of 7 July 2003 concerning certain specific restrictions on economic and financial relations with Iraq and Council Regulation (EU) No 36/2012 concerning restrictive measures in view of the situation in Syria, prohibit trade in cultural goods with these countries where there are reasonable grounds to suspect that the goods have been removed without the consent of their legitimate owner or have been removed in breach of national or international law. However, in the absence of common criteria/rules of what “acceptable” provenance, competent authorities still have difficulties in tracking any good originating in these countries and applying these regulations may sometimes be challenging because of the nature of the products (e.g. an object that is not illicit as such, but whose real provenance is difficult to establish). Interestingly, in the Member States that have managed to seize cultural goods originating from Iraq or Syria, this action is part of the daily work of the very same institutions that control the general import of cultural goods and implementing the relevant rules does not impose any additional burden on them.

Further to the two above-mentioned ad hoc measures, Regulation 116/2009 289 and Directive 2014/60/EU 290 also apply. Additionally, Regulation (EU) 2019/880 291 of the European Parliament and of the Council Regulation on the introduction and import of cultural goods has been adopted in 2019. It is one of the measures proposed in the framework of Commission’s 2016 Action plan for strengthening the fight against terrorist financing and specifically concerns cultural goods created and/or discovered in third countries, and aims to prevent their illicit trade.

As from 28 December 2020, any physical introduction into the customs territory of the European Union of cultural goods originating in third countries is prohibited, when these cultural goods have been exported in breach of the laws and regulations of these countries. Furthermore as from 28 June 2025, at the latest, the import (i.e. their release for free circulation in the internal market or their placement under special customs procedures, other than transit) of specific categories of cultural goods is subject to certain requirements. By that time, a centralised electronic system for the import of cultural goods (‘ICG system’) will be developed and become operational 292 .

Specifically, for the import of certain categories of cultural goods, such as archaeological objects or parts of monuments at least 250 years old, import licences issued by the competent EU Member State authorities will be required regardless the value of the cultural good. For other categories of cultural goods (such as rare collections and specimens of fauna, flora etc. ethnographic objects, paintings, sculptures, manuscripts, old books etc.) that are older than 200 years and have a value of EUR 18,000 or more, an importer statement must be submitted by the holder of the goods. Such an importer statement consists of a declaration that the goods have been lawfully exported from the non-EU country and a standardised document describing the relevant cultural goods.

The submission of applications by operators to competent authorities to obtain an import licence as well as the submission of importer statements are to be carried out via the ISG system. The import licence or the importer statement must be provided to the customs authorities at the time of the submission of the customs declaration. In the case of placing cultural goods under the free zone procedure, the holder of the goods should provide the import licence or the importer statement upon presentation of the goods.

Currently, Regulation (EU) 2019/880 293 applies to those cultural goods which were either created or discovered outside the customs territory of the Union.

Europol is also actively involved in investigations and prosecutions of cultural goods trafficking, for example the yearly multinational PANDORA operations in the framework of the multidisciplinary platform EMPACT 294 which have led to the arrest of 185 people and the recovery of 62.500 looted and stolen objects since 2017.

Conclusions: Although there is little evidence that such methods are used in the EU, it appears that the risk exposure is only emerging at present but may increase due to the geopolitical context. The current legal framework does not allow for an efficient monitoring of such transactions due to the fact that obliged entities seem not to be aware of this terrorist financing vulnerability (no reporting, no record keeping). The level of terrorist financing vulnerability related to the purchase of artefacts and antiques is therefore considered as very significant (level 4).

Money laundering

The assessment of the money laundering vulnerability posed by the trafficking of looted artefacts and antiques shows that:

a) risk exposure

Given its sensitive nature, the artefacts and antiques market tends to favour informal channels where there is no specific security or monitoring of the transactions. It involves payments in cash (sometimes high amounts) where the identification of the buyer is almost impossible.

b) risk awareness

The sector seems more aware about the money laundering risk than the terrorist financing ones. In several Member States, high value dealers receive relevant training and guidance. However, there is a very low level of suspicious transaction reporting which raises questions on the understanding of the list.

c) legal framework and controls

Individuals trading in goods are subject to EU anti-money laundering requirements when they receive payments in cash of EUR 10 000 or more. The current EU anti-money laundering framework also now considers people trading in works of art as obliged entities. In addition, in many Member States, regulations aiming at limiting cash payments have been put in place. However, as with terrorist financing, the current checks are insufficient to address the risks that looted goods may present.

In addition, the G7 members consider that artefacts trafficking represents a high risk and that further work must be done in this area. The G20 Culture meeting under the Italian Presidency had as one of its topics the illicit traffic of cultural goods.

Conclusions: Despite the fact that the risk awareness is higher than that for terrorist financing, the assessment’s other elements have common features. These include a low level of reporting and no evidence that cash payment limitations have limited the risks. The level of money laundering vulnerability posed by the purchase of artefacts and antiques is therefore considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as significant / very significant (3/4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as moderately significant / very significant (3/4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, terrorist financing and money laundering is HIGH.

Mitigating measures

For the Commission (measures adopted since the previous SNRA):

·On 17 April 2019, Regulation (EU) 2019/880 on the introduction and the import of cultural goods 295 to set out conditions and procedures for the entry of cultural goods into the customs territory of the Union, was adopted. The Commission has also carried out a study on ‘Improving knowledge about illicit trade in cultural goods in the EU, and the new technologies available to combat it’ 296 .

·Regulation 2018/1805 on the mutual recognition of freezing and confiscation orders (the illicit trafficking of cultural goods is mentioned in Art.3) 297 .

·The Commission has also adopted legislation 298 to reinforce the EU framework on preventing the financing of terrorism by increasing the transparency of cash payments.

Measures under preparation and recommendations:

·Member States should notify the measures taken by dealers in goods to comply with their AML/CFT obligations. This would enable the Commission to further assess the risks posed by service providers accepting cash payments. The Commission will also assess the benefits of making additional sectors subject to AML/CFT rules.

·The Commission will adopt an action plan tackling trafficking in cultural goods, as announced in the EU Strategy to tackle Organised Crime 2021-2025, adopted in April 2021 299 .

·The Commission will undertake an evaluation of EU Free zones in 2021-2022. This evaluation will include an assessment of their benefits and costs, including the risk of possible misuse, both in the customs and taxation area.

For Member States:

·Member States should issue guidelines to the art and antiquities sector on how to comply with their AML/CFT obligations. Some jurisdictions (e.g. France, Switzerland, Finland) have already published theirs.

·Member States should implement the existing obligation for signatories of the UNESCO Convention of 1970, enshrined in Article 10 of the UNESCO Convention of 1970, to impose mandatory sales registers for cultural goods, in order to improve traceability of sales within the EU.

·Member States should duly consider the risks posed by cash payments in their national risk assessments and define appropriate mitigating measures. Member States should consider making those sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their national risk assessment.

·In order to better detect cases of trafficking in cultural goods, including those linked to money laundering and terrorism financing activities, Member States should set up specialized police units solely dedicated to crimes related to cultural property in accordance with recommendations from Interpol and the 1970 UNESCO Convention.

·Member States should provide training for law enforcement officers (customs and police) and ensure cooperation and the exchange of information between customs, border guards and other authorities.

·Member States should encourage more cooperation between law enforcement and archaeologists, in order to support law enforcement in detecting trafficked cultural goods and determine their provenance.

·Promote authorisation requirements either in the country of export and/or in the EU, or self-declaration requirements, i.e. declaration by the EU importer that the good has exited the country of export in accordance with its laws and regulations. (This requirement will be compulsory for certain categories of cultural goods covered by Regulation 2019/880, starting from 2025.)

·Awareness-raising campaign and promotion of measures to the art market and museums, such as robust due diligence, computerised inventorying obligations and the EU’s formal recognition of existing codes of ethics or conduct for museums and the art market.

·Consider becoming party to the UNIDROIT and NICOSIA Council of Europe conventions — or adopting some of the measures set out in those conventions.

·Oblige companies involved in art dealing and storing antiques (known as ‘freeports’) to declare all suspicious transactions, and subject the owners of companies dealing in and storing art and antiques who become involved in the trafficking of such goods to effective, proportionate and dissuasive penalties, including criminal penalties where necessary.

·Considering the cross-border nature of ML/TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML/TF to request support from agencies such as Europol.

For obliged entities:

·Promote the use of written contracts to get a very detailed invoice with a clear description of the goods (e.g. value, product description and high quality picture), which would also allow the real beneficiary of the transaction to be identified.

·Encourage ending the practice of private transactions in cash to anonymous buyers.

·Promote the idea of a robust traceability system for both online and physical trade consistent with the whole anti-money laundering philosophy.

5. High value assets – Precious metals and precious stones

Product

High value assets- gold and diamonds

Sector

High value dealers

General description of the sector and the related product/activity concerned

In the EU, the diamond market is mostly limited to one country — Belgium, with Belgian diamond dealers having the predominant share of the EU’s diamond market. 1,700 companies are officially registered as diamond traders with the Federal Public Service of Economy. Belgium’s total imports and exports amounted to $48 billion in 2015 alone. The world’s largest mining companies have an office in Antwerp and sell a large proportion of their goods directly to Belgian companies. Belgium has four diamond bourses that are members of the World Federation of Diamond Bourses. According to the 2015 data published by Antwerp’s diamond office 300 84% of all rough diamonds and 50% of all polished diamonds on the planet come from Antwerp.

Specialised financial institutions provide liquidity to the diamond trade. Diamond-trading companies need this kind of financing to purchase large quantities of rough diamonds and to finance the manufacturing of these goods into polished diamonds.

Description of the risk scenario 301

Proceeds of crime (e.g. drug trafficking) are either moved to another country to buy gold and jewellery which is then sold in another country using false invoices and certificates, or are used directly to buy gold in the national territory and sold to a precious metals broker who then sells it to other businesses. Proceeds of the sale may then be wired to a third party to finance new criminal operations. Criminals favour precious metals such as gold and stones such as diamonds as they are inexpensive to store and easy to turn into cash.

The jewellery sector is ideal for laundering money and can be used for both placement and layering. To place incriminated assets, one can simply approach a jewellery store and purchase a ring or a bracelet with cash: paying cash for the jewellery involves changing the asset one holds. Furthermore, there are no fixed market prices in the jewellery sector. This makes it more difficult to accurately assess the market price for jewellery pieces, giving money launderers considerable scope for discretion and manipulation. It should also be considered that jewellery tends to maintain its value and jewellery also tends to be a rather liquid asset 302 .

The VAT Directive provides specific rules for transactions related to gold in order to combat tax evasion or avoidance. It allows Member States to include within the taxable amount of a transaction which involves the working of investment gold provided by a customer, the value of that investment gold where, by virtue of being worked, the gold loses its status of investment gold. However, this scheme is related only to transactions of investment gold on a regulated gold bullion market, therefore the trade of other kind of gold within a free zone may escape such rules.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to the purchase of gold and diamonds shows that terrorists exploit this method as it is easily accessible and a financially viable option. It requires moderate level of planning and expertise. Gold is commonly used in war zones and is very attractive for terrorists groups 303 .

Conclusions: The level of terrorist financing threat related to the purchase of gold and diamonds is considered as moderately significant (level 3).

Money laundering

The assessment of the money laundering threat related to the purchase of gold and diamonds shows that perpetrators have developed large money laundering schemes using this method. According to the FATF’s analysis, this is a high-risk scenario, as gold and diamonds are easy to move across borders (hidden in a car for instance). International trade in gold has also been seen as a technique to launder criminal proceeds. The case in question involved the declared importation of gold from the UAE to an EU Member State, the resale of the gold to a second EU Member State and exportation from there back to the UAE. The carousel nature of the activity and the low quality fake gold transported in this case gives grounds to believe that the commodity trading was only conducted to justify criminal money transfers. This method is closely connected to the assessment of couriers with gold/diamonds (see specific section).

Europol Financial Intelligence Public Private Partnership (EFIPPP): in relation to investment fraud, in Boiler rooms schemes, scammers take advantage of the recent decline in asset prices to sell fraudulent investments in gold, silver and other commodities labelled as a safe haven as well as low value stocks or high risk financial products such as derivative instruments and cryptocurrencies. An indicator is: offers misrepresenting value of standard gold bullion coins or promising to provide safe storage for gold.

EFIPPP information: Trade Based Money Laundering is one of the techniques used by Money Laundering Controller Networks.

Money/cash is not directly transferred but transformed into other value (cash, gold, goods, cryptocurrencies, etc.). By means of Trade-Based Money Laundering -TBML-, such as import/ export of goods and Informal Value Transfer Systems -IVTS-, the network transfers funds or an equivalent value payable to a third party in another geographical location.

Generally for illicit trade, the transport of the illicit proceeds in the form of cash, precious metals and jewellery is well known.

Conclusions: The level of money laundering threat related to the purchase of gold and diamonds is considered as very significant (level 4).

Vulnerability

Terrorist financing

The level of terrorist financing vulnerabilities related to the purchase of gold and diamonds shows that:

a) risk exposure

Some private sector representatives mention that the use of cash in the diamond trade has decreased thanks to the limits imposed by some national anti-money laundering laws (in some countries, payments in cash are limited to 10% of the total amount of the transaction, with a maximum of EUR 3 000). However, there is no specific information available on the trade in gold where cash payments are still recurrently used with no possibility of identifying the parties involved in the transactions.

b) risk awareness

It is very low as far as terrorist financing risks are concerned. There is no specific framework in place to limit the transport and purchase of gold and diamonds. Due to the cross-border nature of such movements, it is difficult or even impossible to carry out checks.

For trade in diamonds, some national organisations of diamond dealers have developed an organisational framework for providing guidance, training courses and assistance with suspicious transaction reports, as well as help with risk analysis. These organisations may also provide ‘know your customers’ databases which include sanctions lists, information about politically exposed persons and/or lists of high-risk third countries. Some diamond traders ensure that identification and verification processes are carried out before a transaction involving payment via bank transfer.

Nevertheless, these practices are rather limited and not sufficiently widespread to consider that the sector is well aware of the risks.

For trade in gold, no specific feedback was received from the private sector as it was impossible to identify a point of contact to discuss anti-money laundering.

c) legal framework and controls

Individuals trading in goods are subject to EU anti-money laundering requirements when they receive payments in cash of EUR 10 000 or more. These anti-money laundering requirements are limited to payments in cash and do not take the risks posed by transactions using other means of payment into consideration.

For trade in diamonds, one of the largest groups of diamonds in Europe is subject to AML/CFT rules. Therefore, most EU diamond dealers are subject to registration requirements (following fit and proper checks — in particular from a beneficial owner point of view) and to inspections from their responsible authorities that are competent to check both compliance with anti-money laundering obligations and cash payments.

The EU has ‚Kimberley‘ authorities 304 in six countries that check imported and exported shipments of rough diamonds, especially for the presence of a Kimberley certificate (Belgium, the UK, Germany, Czechia, Romania and Portugal). This means rough diamonds cannot be imported to or exported from the EU without a Kimberley certificate and without passing through one of the six dedicated Kimberly Process (KP) authorities.

These six KP authorities are appointed by the European Commission and operate under their supervision. Therefore, the transport of rough diamonds is always subject to checks when entering or exiting the EU. Since trading in rough diamonds without a KP certificate is tantamount to ‘illegal trade’, the KP is a strong preventative measure against money laundering.

The EU framework is rather different for polished diamonds, since they can be imported anywhere in the EU. For Member States who have a very strict import and export control system for diamonds that are imported from countries outside the EU or exported outside the EU, it is possible to circumvent this control mechanism by importing/exporting via a different EU country.

However, national laws are not currently harmonised either for diamonds or gold and this creates a risk of there being discrepancies in the obligations imposed (such as the registration) and the checks applied.

For gold, the lack of harmonised framework is also problematic for checks and enforcement.

The number of suspicious transaction reports is rather low for this category of obliged entities. Transactions are often face-to-face, which poses a specific challenge for protecting employees.

Conclusions: From the elements above, the level of terrorist financing vulnerability related to the purchase of gold and diamonds is considered as significant (level 3).

Money laundering

The level of money laundering vulnerability related to the purchase of gold and diamonds shows that

a) risk exposure

Some private sector representatives mention that the use of cash in the diamond trade has decreased thanks to limits imposed by some national anti-money laundering laws (in some cases, payments in cash are limited to 10% of the total amount of the transaction, with a maximum of EUR 3 000). However, there is no specific information available on the trade in gold where cash payments are still recurrently used with no possibility of identifying the parties involved in the transactions.

b) risk awareness

It is very low as far as money laundering risks are concerned. There is no specific framework in place to limit the transport and purchase of gold and diamonds. Due to the cross-border nature of such movements, checks are difficult or even impossible to implement.

For trade in diamonds, some national organisations of diamond dealers have developed an organisational framework for providing guidance, training courses and assistance with suspicious transaction reports, as well as help with risk analysis. These organisations may also provide ‘know your customers’ databases which include sanctions lists, information about PEPs and/or lists of high-risk third countries. Some diamond traders ensure that identification and verification processes are carried out before a transaction involving payment via bank transfer.

Nevertheless, these practices are rather limited and not sufficiently widespread to consider that the sector is well aware of the risks. The diamond and gold sectors are mostly made up of small companies (often one-person companies) where the person in charge has no legal background and may find it difficult to put the anti-money laundering legislation in practice and apply customer due diligence procedures.

For trade in gold, no specific feedback was received from the private sector as it was impossible to identify a point of contact to discuss anti-money laundering.

c) legal framework and controls

Individuals trading in goods are subject to EU anti-money laundering requirements when they receive payments in cash of EUR 10 000 or more. These anti-money laundering requirements are limited to payments in cash and do not take the risks posed by transactions using other means of payment into consideration.

For trade in diamonds, one of the largest groups of diamonds in Europe is subject to AML/CFT rules. Therefore, some EU diamond dealers are subject to registration requirements (following fit and proper checks — in particular from a beneficial owner point of view) and to inspections from their responsible authorities that are competent to check both the compliance with anti-money laundering obligations and cash payments.

The EU has Kimberley authorities in six countries that check imported and exported shipments of rough diamonds, especially for the presence of a Kimberley certificate (Belgium, the UK, Germany, Czechia, Romania and Portugal). This means rough diamonds cannot be imported to or exported from the EU without a Kimberley certificate and without passing through one of the six dedicated KP authorities. These six KP authorities are appointed by the Commission and operate under their supervision.

Therefore, the transport of rough diamonds is always subject to checks when entering or exiting the EU. Since trading in rough diamonds without a KP certificate is tantamount to ‘illegal trade’, the KP is a strong preventative measure against money laundering.

The EU framework is rather different for polished diamonds, since they can be imported anywhere in the EU. For Member States who have a very strict import and export control system for diamonds that are imported from countries outside the EU or exported outside the EU, it is possible to circumvent this control mechanism by importing/exporting via a different EU country.

However, national laws are not currently harmonised either for diamonds or gold and this creates a risk of there being discrepancies in the obligations imposed (such as the registration) and the checks applied.

For gold, the lack of harmonised framework is also problematic for checks and enforcement.

The number of suspicious transaction reports is rather low for this category of obliged entities. Transactions are often face-to-face, which poses a specific challenge for protecting employees.

Conclusions: Although regulations in place in some Member States have increased the level of risk awareness, the sector is still not organised well enough to allow the implementation of efficient monitoring and guidance. The level of money laundering vulnerability related to the purchase of gold and diamonds is therefore considered as significant (level 3).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both terrorist financing and money laundering is HIGH.

Mitigating measures

For the Commission:

·Under the new Cash Controls Regulation, the definition of cash has been extended to cover not only coins, banknotes and bearer negotiable instruments, but also commodities used as highlyliquid stores of value, such as gold (i.e. coins with a gold content of at least 90 % and bullion such as bars, nuggets or clumps with a gold content of at least 99,5 %).

·Additional studies could be carried out to deepen the analysis on those economic sectors/ situations that are more exposed to AML/CFT risks.

Further typology work could be carried out to identify economic sectors particularly vulnerable to money laundering and terrorist financing risks before defining tailor made mitigating measures. This analysis could also map Member States‘ practices since many of them have decided to subject certain additional professions to the AML/CFT regime due their risk analysis.

For Member States:

·Member States should duly consider the risks posed by cash payments in their national risk assessments and define appropriate mitigating measures. Member States should consider making those sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their national risk assessment.

·Member States should ensure that competent authorities conduct sufficient unannounced spot checks at diamond companies and gold traders‘ premises to identify possible loopholes in compliance with customer due diligence requirements and involve diamond experts to check the flow of goods.

·Considering the cross-border nature of ML/TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML/TF to request support from agencies such as Europol.

For obliged entities:

·Training on customer due diligence, in particular for small businesses. This role can filled by a sector federation or a diamond bourse in the case of diamond traders. The training may be about basic AML/CFT requirements such as how to identify clients, how to perform a risk analysis, what are ultimate beneficial owners, what is a financial intelligence unit and how do you notify one, etc.

·Promoting the use of written contracts to get a very detailed invoice with a clear description of the goods (e.g. value, weight, quality).



6. High value assets – other than precious metals and stones

Product

High value assets – other than precious metals and stones 305

Sector

High value dealers

Description of the risk scenario

Perpetrators use high value goods as an easy way to integrate funds into the legal economy, converting criminal cash into another class of asset which retains its value and may even hold opportunities for capital growth. Certain products such as cars – but also jewellery, watches, luxury boats are particularly attractive as both lifestyle goods and economic assets.

A study by the European Parliament’s PANA Committee 306 revealed that, according to EUROPOL, 388 out of the 3,469 entries appearing in the so-called Panama papers were connected to VAT fraud operations 307 . Fighting large-scale VAT fraud implies tackling the money laundering processes of fraudsters as well. According to another EU study 308 , 21 cases of EU VAT fraud between 2004 and 2010 involved organised crime, with the proceeds potentially being used to finance other types of crime, such as drug trafficking, trafficking in human beings, identity fraud, alcohol smuggling and counterfeiting.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to the purchase of other kinds of high value goods (other than gold, diamonds, artefacts and antiques) has not been considered as relevant from a terrorist financing perspective. Therefore, the terrorist financing threat is not part of this assessment.

Conclusions: not relevant

Money laundering

The assessment of the money laundering threat related to the purchase of other kinds of high value goods (other than gold, diamonds, artefacts and antiques) shows that criminal organisations have recurrently used this method, which is easy to access and does not require specific expertise (it includes trafficking in jewellery, cars, boats and watches).

Criminal cash is often converted into goods that are in high demand in foreign markets. Cars and other vehicles are one of the most commonly bought and exported commodity. Key markets are North Africa and the Middle East. Machinery is exported to Iraq and Kuwait; luxury watches, gold and jewellery are exported to the Middle East and North Africa; and food is exported to Africa.

In some EU jurisdictions the lack of cash payment restrictions makes them more attractive for cash-based trade-based money laundering. In other jurisdictions — even in countries with restrictions and reporting obligations — the levels of reporting are very low. Traders in high value goods are among those with the least reporting requirements. In some cases, criminal clients bring business worth millions to the trader, which is another disincentive for reporting.

Chinese organised crime groups have been found to exploit luxury items (haute couture) and popular European high-status brands on the Chinese market. Illegal cash is supplied to Chinese nationals who use it to buy luxury goods. These luxury goods are predominantly sold online in China and the proceeds are used to make settlements in China. Chinese organised crime groups‘ illegal activities in Europe are the main source of criminal proceeds used to buy these items. These illegal activities include tax and duty fraud of Chinese cargo, counterfeiting of goods, drug trafficking, labour and sexual exploitation.

EFIPPP information: In relation to the traffic of human beings, organised crime groups send cash/invest the illegal profits in the country of origin, using cash couriers and money service brokers (Western Union, MoneyGram) and / or invested in real estate, luxury vehicles and cash intensive businesses

In relation to corruption and bribery, straw men are used to obfuscate the beneficial owner of a luxurious asset bought with the bribery funds.

According to the law enforcement authorities‘ findings, until 2015–2016 Chinese nationals residing in the EU were used as money mules. They opened bank accounts, made cash deposits and transferred the money to China. Another method was to use the incoming Chinese tourists to transfer cash upon their return to China. Over time and thanks to interventions by law enforcement agencies, Chinese criminal groups switched to other techniques such as using shoppers to purchase luxury goods. After being purchased in Europe, these goods are taken to China where they are sold for a profit and the generated proceeds are transferred internally in China between the buyers of the goods and the criminal structures. This method is a way for the criminals to conduct the full money laundering cycle, to the point where they can freely use the proceeds in China to pay for new consignments of Chinese cargo, for example. When imported to Europe, these consignments will be undervalued and sold without documents. The generated cash will once again be laundered and taken from Europe to China, creating a criminal cycle that circumvents both law enforcement and tax authorities’ interventions.

On a related note, according to the ECA and Europol, the most damaging VAT frauds are committed by organised crime groups (OCGs) through missing trader intra-community (MTIC) schemes 309 . They benefit from their international criminal structures and connections to establish efficient MTIC schemes to extort money from national budgets. The ECA and Europol estimate that EUR 40-60 billion of the annual VAT revenue losses are caused by organised crime groups and that 2 % of those groups are behind 80 % of the MTIC fraud. The proceeds of MTIC fraud are usually reinvested in new criminal activities or laundered 310 .

Conclusions: The level of money laundering threat related to the purchase of other kinds of high value goods is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to the purchase of other kinds of high value goods (other than gold, diamonds, artefacts and antiques) has not been considered as relevant from a terrorist financing perspective. The terrorist financing vulnerability is therefore not part of this assessment.

Conclusions: Not relevant.

Money laundering

The assessment of the money laundering vulnerability related to the purchase of other kinds of high value goods (other than gold, diamonds, artefacts and antiques) shows that this risk scenario shares the same vulnerabilities as that for the purchase of gold/diamonds.

a) risk exposure:

It is difficult to pinpoint the different kinds of goods that may be used to launder money. However, trade on high value goods other than gold and diamonds may rely heavily on cash transactions, with low level of security and monitoring in the delivery channels. It may imply cross-border transactions that are difficult to monitor.

b) risk awareness:

It is very low as far as money laundering risks are concerned. The sector is realy wide and there is no particular organisational framework that may allow the provision of guidance or training. Customer due diligence measures are not applied and the level of suspicious transaction reporting demonstrates that the understanding of the risk is really low.

c) legal framework and controls:

Individuals trading in goods are subject to EU anti-money laundering requirements when they receive payments in cash for EUR 10 000 or more. However, this definition is rather general and does not specify which categories of traded goods fall under the scope of the AMLD. In addition, these anti-money laundering requirements are limited to payments in cash and do not consider the risks of transactions using other means of payment. Nevertheless, some Member States have put in place cash payment restrictions.

However, there are no harmonised national laws in place to address the risks of high value goods trading. It seems that the level of record keeping is very low and that there is an absence of checks.

As regard cooperation between Europol and Member States tax authorities they can now exchange some information referring to VAT fraud under certain conditions pursuant to Regulation (EU) No 904/2010 on administrative cooperation and fighting fraud in the field of VAT 311 .

Conclusions: Although the regulations in place in some Member States have increased awareness of the risks, the sector is still not adequately organised to implement efficient monitoring and provide guidance. The level of money laundering vulnerability related to the purchase of other kinds of high value goods is therefore considered as significant (level 3).

Risk level

As regards terrorist financing, the levels of threat and vulnerability have been assessed as non-relevant (0).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (3).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for terrorist financing is NON-RELEVANT and for money laundering HIGH.

Mitigating measures

For the Commission:

·The Commission has looked at the potential impact of cash payment restrictions and has published a report on the subject 312 . The report concludes that the Commission should not consider any legislative initiative on this matter at this stage. Restrictions on cash payments are a sensitive issue for people in the EU, many of whom view the possibility to pay in cash as a fundamental freedom, which should not be disproportionally restricted.

·Member States should notify the measures that dealers in goods covered by the AMLD apply to comply with their AML/CFT obligations. On this basis, the Commission could further assess the risks posed by providers of services that accept cash payments. The Commission will also assess the benefits of subjecting additional sectors to AML/CFT rules.

For Member States:

·Member States should duly consider the risks posed by cash payments in their national risk assessments and define appropriate mitigating measures. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their national risk assessment.

7. Couriers in precious metals and stones

Product

Gold and other precious metals

Sector

Shipping precious metals and stones is usually prohibited by most courier companies. Depending on how valuable the items are, some companies may allow shipping them under specific conditions and upon signing relevant agreements.

Also, independent individuals.

Description of the risk scenario

This involves the cross-border movement of gold and other precious metals as well as precious stones. Perpetrators who have made cash from their illegal activities seek to convert it into gold and other precious metals or stones so that they can either repatriate funds or move these goods to locations where they can be more easily placed in the legal economy.

Couriers may use air, sea or rail transport to cross an international border, via for example:

– containerised or other forms of cargo, concealed in mail or post parcels — if perpetrators wish to move very large amounts of gold and other precious metal, often their only option is to conceal it in cargo that can be containerised or otherwise transported across borders; or

– sophisticated concealments of gold within goods sent by regular mail or post parcel services.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to gold and other precious metals reveals few indicators that terrorist groups use or have the intention to use this channel to finance terrorist activities.

Gold or diamond couriers are not the most attractive and secure option for terrorist groups — although these assets are frequently exploited in war zones since they are easy to trade. Some instances of foreign terrorist fighters who have changed their belongings into gold have been detected/reported but the situation is not recurrent and requires, in any case, planning and knowledge.

Conclusions: Gold and precious metals couriers are not a preferred method for terrorist groups who tend to favour the use of cash. The level of terrorist financing threat is therefore considered as significant (2).

Money laundering

The assessment of the money laundering threat related to gold and other precious metals couriers shows that organised crime groups have used this method to launder the proceeds of crime. Unlike terrorist organisations, organised crime groups consider it to be an attractive way to launder the proceeds of crime. It requires more planning than moving cash, but does not need major expertise as long as it concerns easy-tradable assets (i.e. preference for gold compared to other precious metals — diamonds compared to other stones). Operations are inexpensive. Perpetrators therefore have the required capacity and intention to use this method. Law enforcement agencies report that other types of precious metals have been used (silver, platinum) but these are not frequent because they are less easily tradable and have higher exchange costs than gold/diamonds.

Investigations conducted in the EU show that one of the most relevant cash-related techniques is transforming cash to gold or jewellery. Some EU countries like Italy and Belgium have active gold markets. Alongside the legal market, information indicates that the gold is stolen and melted. After criminal cash is exchanged for gold it is exported to the Middle East and North Africa where there is a high market demand.

Conclusions: The level of money laundering threat related to gold and other precious metals couriers is considered as significant (level 3).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to gold and other precious metals couriers shows that

a) risk exposure

The assessment of the terrorist financing vulnerability shows that the risk exposure is intrinsically linked to the cash-based activity (anonymity, speediness). The risk exposure is therefore particularly significant for this method.

b) risk awareness

The sector shows a limited awareness of the risks and the checks in place are particularly weak.

c) legal framework and controls

Until the new Cash Controls Regulation entered into application on 3 June 2021, gold was not included in the definition of cash for which a cash declaration was obligatory at the EU’s external borders in case its value was equal or more than EUR 10 000. After that date, the following changes apply:

1) The definition of ‘cash’ in the Cash Controls Regulation is now extended and includes the following:

·Banknotes and coins (including currency now out of general circulation but that can still be exchanged in a financial institution or central bank),

·Bearer negotiable instruments such as cheques, travellers’ cheques, promissory notes and money orders,

·Gold coins with a gold content of at least 90 %,

·Gold bars, nuggets or clumps with a gold content of at least 99.5 %.

2) Customs authorities may also now request that a cash disclosure declaration be lodged when they detect EUR 10 000 or more in cash (as included in the new definition), being sent by post, freight or courier (unaccompanied cash). If requested, this declaration should be made within 30 days by the recipient, sender or by an appointed representative of the two.

3) The new rules also authorise customs authorities to act on amounts lower than EUR 10 000 when there are indications that the cash is linked to criminal activity.

Conclusions: Still gold and other precious metals couriers are not properly monitored because of the limited awareness of the sector. The checks are weak and the reliance on cash increases the vulnerability. The level of terrorist financing vulnerability related to gold and other precious metals couriers is therefore considered as very significant (level 4).

Money laundering

The assessment of the money laundering threat related to gold and other precious metals couriers shows that

a) risk exposure

The risk exposure is intrinsically linked to the cash-based activity (anonymity, speediness). The risk exposure is therefore particularly significant for this method.

b) risk awareness

The sector shows limited awareness of the risks and the checks in place are particularly weak. Law enforcement agencies have also noticed that criminal organisations take advantage of the vagueness of the EU framework, in particular for disclosure of cash payments.

c) Legal framework and checks

Assets such as gold/precious stones are not easy to detect. Checks in the destination countries outside the EU do not help to lessen the risks (conversion of gold/diamonds into cash in destination country without customer due diligence).

Conclusions: Still gold and other precious metals couriers are not properly monitored because of the limited awareness of the sector. The checks in place are weak and the reliance on cash increases the vulnerability. There are no checks in place for declaring movement of precious metals/stones at the EU’s external borders. The level of money laundering vulnerability related to gold and other precious metals couriers is therefore considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (2), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

.

Conclusions: estimated risk level for terrorist financing is HIGH and for money laundering VERY HIGH.

Mitigating measures

As recommended by the SNRA 2017 the Commission has adopted a new Cash Controls Regulation to further mitigate the risks described.

8. Investment real estate

Product

Purchase and sales of real estate

Sector

Real estate sector, independent legal professionals, notaries, credit institutions

Description of the risk scenario

Real estate is as attractive to criminals as it is to any investor (prices being generally stable and likely to appreciate over time) and is also functional (the property can be used as a second home or rented out, generating income). Real estate also provides a veneer of respectability, legitimacy and normality.

Although the exact scale of illegal activity in the sector is difficult to estimate, according to a 2019 report by the European Parliament 313 , the share of real estate in criminal assets confiscated, which can be used as an indicator as to how much money is laundered through real estate, was estimated at 30% between 2011 and 2013. It was also noted by a 2021 Europol report 314 looking at organized crime trends in the European Union that most criminal groups and networks (68%) use money laundering methods, such as investing in property, to try to legitimize or hide their illicit proceeds. A 2018 report on real estate money-laundering vulnerability provides an assessment of the magnitude of foreign money of unclear origin laundered into German real estate in 2017 (about EUR 30 billion, with 15 to 30% of criminal proceeds having been invested in real estate) and a description of the phenomenon 315 . After tightening reporting requirements regarding real estate transactions, Germany witnessed a 100-fold increase in reports by notaries between 2019 and 2020 316 . An author specialized in the assessment of the illicit economy, A.F. Steinko 317 , estimates the relevance of money laundered through real estate as high as 80% of the total of criminal proceedings. Figures may vary, but even the lower estimate underlines the significance of the problem.

Common methods used by criminals in ML/TF schemes involve the use of complex loans or credit finance, intermediation via professionals, the use of corporate vehicles, manipulation of the appraisal or valuation of a property, the use of monetary instruments such as cash or cheques, the use of mortgage schemes or the use of properties to conceal money generated by illegal activities 318 . It is also common for criminals to invest high amounts of money (ill-gotten funds) to rebuild or renovate real estates. Afterwards, they could use them for their own benefit (houses, apartments or business offices) or they could sell those real estates with a much higher price than they purchased and justifying the income.

Beneficial ownership 319 appears difficult to be ascertained, given that the structures put in place for the acquisition or properties may be incredibly sophisticated. The Pandora Papers show examples of the fiscal and legal engineering put in place aimed at concealing the origin of the money 320 : In some cases the beneficial owner can be identified, in other cases it is extremely complicated, especially when there is an interposition of companies. Money laundering through the real estate sector does not necessarily have to be expensive, but can actually be quite profitable. By making certain cash payments, criminals often succeed in circumventing tax laws and, thereby, become more profitable than legitimate operators in the real estate business 321 .

On a directly related issue, the recent Commission study on Monitoring offshore wealth hidden in international financial centres 322 has estimated that EUR 1.4 trillion is held in offshore real estate by EU residents. Through interviews with relevant stakeholders, the study confirmed that tax evasion using the real estate sector is cited as a significant problem in many Member States. The use of shell companies like foundations and private limited liability companies to conceal beneficial ownership information, the use of cash to purchase real estate, purchasing real estate at lower than market values, as well using financial instruments like back-to-back loans, have been cited as methods for both money laundering and tax evasion purposes. Whilst information on the ownership of real estate is exchanged between Member States under Directive 2011/16/EU on Administrative Cooperation in Direct Taxation 323 , this depends on information being available in the first place in the Member State where the property is located. Secondly, the information that is available, for example in land and property registers, does not contain information on beneficial ownership of legal persons and arrangements holding real estate.

The impact of COVID-19

The Covid-19 pandemic has undermined demand in the European markets and that has caught the eye of international buyers, including those hoping to launder dirty money. It is also possible sellers and their agents have paid less attention to due diligence in their eagerness to complete deals. Commercial real estate sellers, in particular, have faced pressure to transact quickly, as the impacts of Covid-19 have rocked the economy. Both EUROPOL and the FATF highlighted early on in the ongoing crisis, that criminals may seek to invest in real estate and that the real estate and construction sectors will become even more attractive for money laundering both in terms of investment and as a justification for the movement of funds 324 .

Threat

Terrorist financing

For the purpose of this Supranational Risk Assessment the terrorist financing threat related to real estate investments would be no different from the threat relating to organised crime and money laundering. Therefore, it is not being considered as different to the threat of abuse for the purpose of money laundering.

Conclusion: The terrorist financing threat related to investment in real estate is considered as very significant (level 4).

Money laundering

The assessment of the money laundering threat related to investment in real estate has highlighted the recurrent use of real estate sector by organised crime groups to launder the proceeds of crime. The real estate sector is mostly used in combination with other sectors, such as TCSPs or legal advice, but presents some threat exposure in itself.

Reliance on real estate does not require specific expertise or knowledge, and may be rather financially attractive depending on the services provided.

Europol Financial Intelligence Public Private Partnership (EFIPPP) information, stemming from EFIPPP typology reports:

ML through real estate is related to various crime types:

Trafficking in Human Beings (THB): Organised Crime Groups involved in THB sent cash/invest illegal profits in the country of origin: using cash couriers and Money Service Businesses (Western Union, MoneyGram) and / or investing in real estate, luxury vehicles and cash intensive businesses.

Investment fraud: buy low, sell high schemes targeting commodities and real estate, cryptocurrencies or complex derivative products.

Misuse of public funds: the customer wants to have power of attorney for 3rd parties, i.e. a signal for a straw borrower scheme (individuals with good credit record are hired by criminals to act as a front person for borrowing money or buying certain movable and immovable properties).

Corruption and bribery: use of straw men to obfuscate the beneficial owner of a luxurious bought with the bribery funds.

.

Conclusions: Based on the strong evidence gathered by law enforcement agencies that real estate is frequently used in money laundering schemes and because their services may be combined with those provided by other non-financial professionals, the level of money laundering threat related to real estate is considered as very significant (level 4).

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to investment in real estate has been considered together with real estate investment-related money laundering schemes to hide the illegal origin of the funds. The terrorist financing threat therefore does not need a separate assessment.

Conclusion: The assessment of the terrorist financing vulnerability related to investment in real estate is considered as very significant (level 4).

Money laundering

The assessment of the money laundering vulnerability related to investment in real estate shows that:

a) risk exposure

Although it is decreasing in practice, cash can still be used to finance real estate transactions in some Member States. This increases the risk of anonymous transactions. Cash is still intensively used by construction companies and freelance professionals. They use cash to buy materials (VAT fraud) but also to pay workers (non-declare working hours). Illicit cash is used not only to buy real estates but also for renovation or for building purposes.

Real estate agents are usually involved in a business relationship with other professionals, making it difficult to monitor the business relationship effectively (sectors rely on each other to carry out checks) 325 , and therefore increasing the risk exposure. Real estate activities may be based on financial flows coming from outside the EU 326 and high-risk customers, such as politically exposed persons. As already mentioned, cooperation with involved third countries is in many cases suboptimal and hampering the possibilities to reduce the risk of ML/TF through real estate.

b) risk awareness

The level of awareness is uneven in the sector, and particularly depends on the size of the organisation/company concerned. Bigger structures may be more aware of the risk of being misused and consider that they have a role to play in monitoring their customers.

The sector is developing information and training tools, as well as risk assessments. Members of the sector are well aware about their legal obligations, such as cases where enhanced due diligence is required.

For small entities, apart from legal professionals that are part of an umbrella organisation, the level of awareness is drastically lower because: (i) they are not necessarily integrated in a centralised organisational framework that provides guidance and training; (ii) they deal with a lower volume of sales and therefore may have difficulties in understanding and applying a complex anti-money laundering framework (this is the case in particular for single entrepreneurs); and /or (iii) they tend to rely on other sectors to conduct the customer due diligence.

The same information may not be available at all stages of the transaction, for instance if the identity of the buyer changes for practical or commercial reasons and this change is not known at the beginning of the business relationship. The level of awareness of small entities depends on how much training is available.

In any case, the ‘scattering’ of the obliged entities involved does not simplify the implementation of checks and the understanding of the customer due diligence to be applied. The supervision of the sector is also incomplete and based on weak information trails (no written contracts, solicitors used only to stamp a document, etc.).

c) legal framework and checks in place

Real estate agents are subject to EU anti-money laundering requirements. Following the modifications introduced by the 5th AMLD, information on real estate ownership by any natural or legal person will be made centrally available for public authorities. This does not require the creation of a central real estate register. Alternatively, electronic data retrieval systems can be used.

However, when several obliged entities are involved in real estate transactions it makes it difficult for competent authorities to identify the role played by a real estate agent and to identify red flags. The legal practices and procedures for these real estate transactions differ between countries. In some countries, the estate agent can prepare the preliminary legal documentation (although a legal professional may be required to finalise the transaction), while in other countries a solicitor prepares the legal documentation including the contract.

Suspicious transaction reporting is uneven, and is only satisfactory when done by obliged entities other than real estate agents (some real estate agents seem to consider that as they are not involved in the transfer of funds they are not in charge of the suspicious transaction reports). As a consequence, investigative authorities may conduct their own analysis but not on the basis of the real estate information. Private sector representatives consider it a major challenge to identify the beneficial ownership as it is currently not mandatory to register such information. This is particularly the case when the seller and buyer transact in ‘trust’ 327 .

Practices in the sector differ with efforts being made by representative professional associations to promote awareness and good practice examples for their members.

Conclusions: The real estate sector is not organised well enough to sufficiently raise risk awareness. The involvement of different kinds of obliged entities in a real estate transactions/ business relationships tends to dissuade the sector from conducting its own customer due diligence. Suspicious transaction reporting is not satisfactory.

The checks are difficult to carry out and there is not always a sound information trail. The level of money laundering vulnerability related to the real estate sector is therefore considered as very significant (level 4).

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

RISK

RISK

1 – 1,5

Lowly significant

LOW

1,6 – 2,5

Moderately significant MEDIUM

2,6 – 3,5

Significant

HIGH

3,6 – 4

Very significant

VERY HIGH

Conclusions: estimated risk level for both, terrorist financing and money laundering is VERY HIGH.

Mitigating measures

Anonymity represents the most basic and pernicious AML problem in general. In real estate purchases, it can be abused in the same way as anonymity in financial services. Therefore, efforts must be directed towards collecting beneficial ownership information guaranteeing its transparency.

For the Commission:

Following changes introduced by Directive (EU) 2018/843 328 (“AMLD5”), information on real estate ownership must be available for national anti-money laundering and countering the financing of terrorism (AML/CFT) authorities. Article 32b(1) of AMLD requires Member States to provide Financial Intelligence Units (FIUs) and competent authorities with access to information which allows the identification in a timely manner of any natural or legal persons owning real estate, including through registers or electronic data retrieval systems where such registers or systems are available.

As published by the European Commission in its recent report on real estate registers 329 , a way to guarantee the necessary transparency on beneficial ownership information would be that of following those successful initiatives concerning interconnection of national land registers, which could pave the way for potential legislative actions.

For competent authorities:

·Member States should ensure that competent authorities/self-regulatory bodies supervising the real estate sector produce an annual report on supervisory measures that have been put in place to ensure that the sector accurately applies its AML/CFT obligations. Self-regulatory bodies should report annually on the number of suspicious transaction reports filed to the financial intelligence units.

·On-site inspections commensurate to the population of the real estate representatives in the Member State’s territory and assessing inherent risks like whether the real estate sector is regulated or not, whether a legal representative like a notaris is involved in the transaction, or whether real estate members are required to be authorised to deal in real estate transactions.

For Member States:

·Member States should provide guidance on risk factors arising from real estate transactions and specific training to face situations where several professionals are involved in the real estate transaction (e.g. estate agent, legal professional, financial institution).

·A low threshold of payment in cash should be implemented for purchases of assets (reals estate).

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

Multilevel governance and local government: improving knowledge-exchange and cooperation:

European cities are particularly faced with the negative societal impact of money laundering in real estate. This was highlighted during the public hearing of the ‚Tax3 Committee‘ of the European Parliament on 5 February 2019. In 2018, the city of Amsterdam hosted a three-day conference entitled ‘Flying Money’ 330 , on the impact of illegal money flows, where 14 European cities shared their experiences. One conclusion was that it would be useful to see how different levels of governance involved in the fight against money laundering in real estate (local, national and European) can further cooperate, share expertise and experiences and produce solutions, for instance in the field of further improving information-exchange within the EU and implementing trainings/guidance for the sector (and obliged parties).

9. Services provided by accountants, auditors, advisors and tax advisors

Product

Services provided by accountants, auditors, advisors and tax advisors

Sector

External accountants, auditors, advisors and tax advisors

General description of the sector and the related product/activity concerned

Accountants, auditors, advisors and tax advisors work in diverse capacities and sectors: as members of the staff of the company on which they provide their services or as self-employed or consultant company’s staff in accountancy firms, SMEs, large companies, governments, non-profit organisations, education, etc.

In the EU, the profession is bound by AML/CFT requirements provided by specific EU legislation.

Their diverse professional activities can be grouped as follows:

·Accountants help organisations prepare their financial and non-financial data to measure performance, including the social impact of their economic activities. In doing so, they help organisations manage and control risks, and provide checks and balances on sound governance, ethics and sustainability. The organisations report these measurements to the outside world so e.g. investors can base their decisions on the organisation’s performance. In some instance, they can provide additional services (see advisors below).

·Auditors 331 provide a legally mandated check of the financial accounts of large and medium-sized undertakings and form an opinion on them.

·Advisors: Many organisations rely on the professional advice, for example on finance, tax, corporate social responsibility, human resources, data protection and cyber security.

·Tax advisors carry out a range of activities. The main tax advice activities can be grouped as follows:

oTax compliance: preparation of tax returns, social security and payroll, compliance with various statutory reporting, registration or publication requirements;

oAdvisory: advice on specific tax-related questions that do not occur on a regular basis (e.g. inheritance, mergers or spin-offs, insolvencies, setting up of a company, purchase of immovable property), tax investigation, tax planning / tax optimisation;

oTax litigation and appeals, advice on these proceedings, representation in criminal tax cases.

Nevertheless, there are relevant differences between Member States in terms of how accountants/tax advisors are organised and regulated. One or more professions in these sectors are regulated in 18 Member States, either:

by way of reserved activities and protected titles 332 ;

by reserved activities 333 ; or

by protecting the professional title only 334 .

In nine Member States 335 , none of the professions in the field are directly regulated. Other Member States generally justify regulating the sector