(1) The enhanced due diligence requirements must be fulfilled in addition to the general due diligence requirements.
(2) 1Obliged entities are required to fulfil enhanced due diligence requirements if they find out, through a risk analysis or by taking into account the risk factors specified in annexes 1 and 2 in an individual case, that a higher risk of money laundering or terrorist financing may arise. 2The obliged entities must determine the specific extent of measures to be taken in accordance with the respective higher risk of money laundering or terrorist financing. 3For the demonstration of adequacy, section 10 (2) sentence 4 applies, with the necessary modifications.
(3) A higher risk arises in particular
- if a contracting party of the obliged entity or a beneficial owner is a politically exposed person, a family member or a person known to be a close associate,
- in the case of a business relationship or transaction in which a high-risk third country identified by the European Commission in accordance with Article 9(2) of Directive (EU) 2015/849, as amended by point (5) of Article 1 of Directive (EU) 2018/843, or a natural or legal person resident in that third country is involved; this does not apply to branches of obliged entities under Article 2(1) of Directive (EU) 2015/849, as amended by point (1) of Article 1 of Directive (EU) 2018/843, who are established in the European Union and to majority owned subsidiaries of these obliged entities that are located in a high-risk third country, provided that those branches and subsidiaries comply in full with the group-wide policies and procedures they are required by Article 45(1) of Directive (EU) 2015/849 to apply,
- if the transaction, in relation to similar cases,
a) is particularly complex or unusually large,
b) is conducted in an unusual pattern or
c) has no apparent economic or lawful purpose, or
- in cases where obliged entities under section 2 (1) nos. 1 to 3 and 6 to 8 are in cross-border correspondent relationships with third-country respondents or, if the obliged entities identify a heightened risk, with respondents from a country in the European Economic Area.
(4) 1In one of the cases set out in subsections (2) and (3) no. 1, at least the following enhanced due diligence requirements must be fulfilled:
- establishing or continuing a business relationship requires approval from a member of senior management,
- adequate measures must be taken to establish the source of funds involved in the business relationship or the transaction and
- enhanced, ongoing monitoring of the business relationship must be conducted.
2If, in the case of subsection (3) no. 1, the contracting party or the beneficial owner was only initially entrusted with a prominent public function during the course of the business relationship, or if the obliged entity gained knowledge of the fact that the contracting party or the beneficial owner held a prominent public function only after establishing the business relationship, the obliged entity is required to ensure that the relationship is only continued with the approval of a member of senior management. 3In the case of a formerly politically exposed person, the obliged entities are required to take account of the specific risk associated with politically exposed persons for at least twelve months after the person has left the public function and take appropriate and risk-adequate measures until it can be assumed that the risk no longer exists.
(5) In the case set out in subsection (3) no. 2, obliged entities must fulfil at least the following enhanced due diligence requirements:
- they must obtain:
a) additional information on the contracting party and the beneficial owner,
b) additional information on the intended nature of the business relationship;
c) additional information about the source of assets and wealth of the contracting party,
d) information about the source of assets and wealth of the beneficial owner, with the exception of persons deemed to be beneficial owners under section 3 (2) sentence 5,
e) information on the reasons for the intended or performed transaction, and
f) information on the intended use of the assets that will be used in the transaction or business relationship, insofar as this is necessary to assess the risk of terrorist financing,
- establishing or continuing a business relationship requires approval from a member of senior management and
- in the case of a business relationship, they must conduct enhanced monitoring of the business relationship by
a) increasing the number and timing of controls applied, and
b) selecting patterns of transactions that need further examination.
(5a) 1In the case described in subsection (3) no. 2, and in addition to the enhanced due diligence requirements referred to in subsection (5), the competent supervisory authorities may require one or more enhanced due diligence requirements to be fulfilled by the obliged entities, which may also consist of the following measures, on a risk-appropriate basis and in compliance with the European Union’s international obligations:
- reporting financial transactions to the Financial Intelligence Unit,
- limiting or prohibiting business relationships or transactions with natural or legal persons from high-risk third countries,
- prohibiting obliged entities located in a high-risk third country from establishing subsidiaries, branches or representative offices in Germany,
- prohibiting obliged entities from establishing or representative offices in a high-risk third country,
- requiring increased examination of compliance with anti-money laundering requirements for branches and subsidiaries of obliged entities located in a high-risk third country
a) by the competent supervisory authority or
b) by an external auditor,
- introducing enhanced requirements for an external audit under no. 5 (b),
- for obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9, reviewing, amending or, if necessary, terminating correspondent relationships in a third country.
2Subsection (10) sentence 2 applies, with the necessary modifications, to the competent supervisory authorities if these measures are directed.
(6) In the case set out in subsection (3) no. 3, at least the following enhanced due diligence requirements must
- the transaction and its background and purpose must be examined by taking appropriate measures so that the risk associated with the respective business relationship or transactions can be monitored and assessed with regard to money laundering and terrorist financing and to determine, if applicable, whether a reporting requirement under section 43 (1) exists, and
- where a transaction is based on an underlying business relationship, this relationship is to be subject to enhanced, ongoing monitoring in order that the risk associated with the business relationship and individual transactions with regard to money laundering and terrorist financing can be assessed and, in the case of heightened risk, monitored.
(7) In the case set out in subsection (3) no. 4, obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 are required to fulfil at least the following enhanced due diligence requirements when establishing a business relationship:
- sufficient information about the respondent must be obtained so that the nature of their business can be fully understood and their reputation, their controls for preventing money laundering and terrorist financing and the quality of supervision can be assessed,
- the approval of a member of senior management must be obtained before a business relationship with the respondent is established,
- before such a business relationship is established, the respective responsibilities of participants with regard to the fulfilment of due diligence requirements must be determined and documented in accordance with section 8,
- measures must be taken to ensure that the obliged entity does not establish or continue a business relationship with a respondent whose accounts are known to be used by a shell bank, and
- measures must be taken to ensure that the respondent does not permit payments through payable-through accounts.
(8) If there are facts, relevant evaluations, reports or assessments from national or international agencies responsible for preventing or combating money laundering or terrorist financing that justify the assumption that a higher risk exists beyond the cases set out in subsection (3), the supervisory authority may order the obliged entities to enhance their monitoring of the transactions and business relationships and fulfil additional due diligence requirements appropriate to the risk and any necessary countermeasures.
(9) If the obliged entity is not in a position to fulfil the enhanced due diligence requirements, section 10 (9) applies, with the necessary modifications.
(10) 1The Federal Ministry of Finance may, by way of a statutory order not requiring the consent of the Bundesrat,
- designate types of cases in which a potentially higher risk of money laundering and terrorist financing exists, particularly with regard to countries, customers, products, services, transactions or delivery channels, and in which the obliged entities are required to fulfil specific enhanced due diligence requirements and countermeasures,
- for types of cases within the meaning of subsection (3) no. 2, order enhanced due diligence requirements and countermeasures and make arrangements for the competent supervisory authorities under subsection (5a) to order and ordering and structure enhanced due diligence requirements.
2When enacting a statutory instrument under this provision, the Federal Ministry of Finance must take into account relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing, in relation to the risks posed by individual third countries.