Simplified Due Diligence

Simplified Due Diligence (SDD)

Simplified Due Diligence (SDD) represents an integral part of the contemporary anti-money laundering (AML) framework.

What is Simplified Due Diligence (SDD)?

SDD is a component of customer due diligence (CDD) that applies a less rigorous approach to certain low-risk customers and transactions. It’s a risk-based method allowing entities to streamline their due diligence processes without compromising the integrity and objectives of AML and counter-terrorist financing (CTF) measures.

Who implements SDD?

SDD is implemented by obligated entities identified under AML regulations, including financial institutions, credit institutions, and certain non-financial businesses and professions. These entities are responsible for assessing risk and applying appropriate due diligence measures.

When is SDD applied?

SDD is applied in situations assessed as presenting a lower risk of money laundering or terrorist financing. According to the 4th AMLD, such scenarios might involve transactions with public companies listed on stock exchanges or entities established in geographical areas deemed to have lower risk.

The 5th AMLD, effective since 2018, further refines these criteria, emphasizing the need for a continuous assessment of risk and adjusting due diligence measures as needed.

Where is SDD relevant?

SDD is particularly relevant in the European Union, as guided by the 4th and 5th AMLD, and in Germany, as per the GwG.

Why is SDD important?

SDD is crucial for several reasons:

  1. Efficiency: It allows obliged entities to allocate resources more effectively, focusing on higher-risk areas while streamlining processes in lower-risk situations.
  2. Flexibility: SDD provides a flexible approach to due diligence, adapting to varying risk levels.
  3. Compliance: It ensures that entities comply with AML regulations without imposing unnecessary burdens in low-risk scenarios.

How is SDD implemented?

  1. Risk Assessment: Entities must first perform a risk assessment based on factors outlined in the 4th and 5th AMLD, and German GwG.
  2. Documentation and Justification: As emphasized in the BaFin guidance, entities must document their decision-making process and be prepared to justify the application of SDD to regulatory authorities.
  3. Continuous Monitoring: SDD does not negate the need for monitoring. Entities must continue to observe customer activities to detect any changes in risk profiles.
  4. Adherence to Legal Standards: Entities must stay aligned with the evolving legal requirements, such as the considerations for digital transactions and new risk factors like „golden visas.“

4th AMLD

The 4th AMLD (Directive (EU) 2015/849), specifically in Section 2, focuses on Simplified Due Diligence (SDD). This section outlines the conditions under which SDD measures can be applied and the responsibilities of Member States and obliged entities in this regard.

Article 15

  • Lower Risk Areas: Article 15 allows Member States and obliged entities to apply SDD measures where they identify areas of lower risk.
  • Risk Assessment: Before implementing SDD, obliged entities must ascertain that the business relationship or transaction presents a lower degree of risk.
  • Monitoring Obligations: It mandates Member States to ensure that obliged entities sufficiently monitor transactions and business relationships to detect unusual or suspicious activities.

Article 16

  • Risk Assessment Factors: This article emphasizes the importance of assessing the risks of money laundering and terrorist financing. When evaluating risks associated with customer types, geographic areas, products, services, transactions, or delivery channels, Member States and obliged entities are required to consider factors indicating potentially lower risk situations, as outlined in Annex II of the directive.

Article 17

  • Guidelines by ESAs: By 26 June 2017, the European Supervisory Authorities (ESAs) are tasked with issuing guidelines to competent authorities and financial institutions. These guidelines are meant to help in understanding the risk factors to consider and the measures to implement when SDD is appropriate.
  • Tailored Measures: The guidelines are expected to take into account the nature and size of the business, and where necessary, specify appropriate and proportionate measures for SDD.

ANNEX I

The following is a non-exhaustive list of risk variables that obliged entities shall consider when determining to what extent to apply customer due diligence measures in accordance with Article 13(3):

(i) the purpose of an account or relationship;

(ii) the level of assets to be deposited by a customer or the size of transactions undertaken;

(iii) the regularity or duration of the business relationship.

ANNEX II

The following is a non-exhaustive list of factors and types of evidence of potentially lower risk referred to in Article 16:

(1) Customer risk factors:

(a) public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership;

(b) public administrations or enterprises;

(c) customers that are resident in geographical areas of lower risk as set out in point (3);

(2) Product, service, transaction or delivery channel risk factors:

(a) life insurance policies for which the premium is low;

(b) insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral;

(c) a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s interest under the scheme;

(d) financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes;

(e) products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money);

(3) Geographical risk factors:

(a) Member States;

(b) third countries having effective AML/CFT systems;

(c) third countries identified by credible sources as having a low level of corruption or other criminal activity;

(d) third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to combat money laundering and terrorist financing consistent with the revised FATF Recommendations and effectively implement those requirements.

ANNEX III

The following is a non-exhaustive list of factors and types of evidence of potentially higher risk referred to in Article 18(3):

(1) Customer risk factors:

(a) the business relationship is conducted in unusual circumstances;

(b) customers that are resident in geographical areas of higher risk as set out in point (3);

(c) legal persons or arrangements that are personal asset-holding vehicles;

(d) companies that have nominee shareholders or shares in bearer form;

(e) businesses that are cash-intensive;

(f) the ownership structure of the company appears unusual or excessively complex given the nature of the company’s business;

(2) Product, service, transaction or delivery channel risk factors:

(a) private banking;

(b) products or transactions that might favour anonymity;

(c) non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures;

(d) payment received from unknown or unassociated third parties;

(e) new products and new business practices, including new delivery mechanism, and the use of new or developing technologies for both new and pre-existing products;

(3) Geographical risk factors:

(a) without prejudice to Article 9, countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective AML/CFT systems;

(b) countries identified by credible sources as having significant levels of corruption or other criminal activity;

(c) countries subject to sanctions, embargos or similar measures issued by, for example, the Union or the United Nations;

(d) countries providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.

5th AMLD

The 5th Anti-Money Laundering Directive (AMLD) introduces specific amendments to the 4th AMLD, particularly in the context of Simplified Due Diligence (SDD). Here’s a summary and analysis of the relevant amendments in Article 1:

Amendment to Annex II

  • The introductory part of point (3) in Annex II is revised to focus on „registration, establishment, residence in“ specific geographical areas. This change suggests a more precise approach in assessing geographical risk factors, potentially affecting the application of SDD. It emphasizes the importance of where a customer or entity is registered, established, or resides in determining their risk profile.

Amendments to Annex III

  • Addition of new customer risk factor:
    • Point (g) in Point (1): A new risk factor is introduced for customers who are third-country nationals applying for residence rights or citizenship in a Member State in exchange for capital transfers, property purchases, government bonds, or corporate entity investments. This amendment reflects a growing concern over the risks associated with „golden visas“ or „citizenship-by-investment“ schemes, suggesting that such scenarios should be considered higher risk and thus not suitable for SDD.
  • Amendments to product, service, transaction, or delivery channel risk factors:
    • Amendment in Point (c) of Point (2): The focus is on non-face-to-face business relationships or transactions. The amendment requires secure methods like electronic identification or trust services as safeguards. This change reflects the evolving nature of digital and remote transactions and the need for robust verification methods to maintain a lower risk profile suitable for SDD.
    • Addition of Point (f) in Point (2): A new risk factor is added for transactions related to specific high-risk goods like oil, arms, precious metals, tobacco products, cultural artefacts, and endangered species. This inclusion highlights the need for heightened due diligence in sectors prone to illicit activities, suggesting these areas are generally unsuitable for SDD.

German GwG

The German Money Laundering Act (GwG) outlines specific requirements for customer due diligence (CDD), including provisions for Simplified Due Diligence (SDD). Here’s a summary and analysis of the relevant sections:

Section 10 (2) – General Due Diligence Requirements

  • Risk-Based Approach: Obliged entities must tailor their due diligence measures to the risk of money laundering or terrorist financing. This is particularly relevant to the contracting party, business relationship, or transaction.
  • Consideration of Risk Factors: Entities must pay attention to risk factors specified in Annexes 1 and 2 of the GwG.
  • Key Aspects for Risk Evaluation:
    1. Purpose of the account/business relationship.
    2. Level of assets deposited or transaction size.
    3. Regularity or duration of the business relationship.
  • Demonstration of Adequacy: Entities must be able to demonstrate to competent authorities that their measures are proportionate to the assessed risks.

Section 14 – Simplified Due Diligence Requirements

  • Application of SDD: When entities establish that certain areas pose only a small risk (considering factors in Annexes 1 and 2), they are required to fulfill SDD.
  • Ascertainment of Lower Risk: Before applying SDD, entities must ascertain that the business relationship or transaction indeed entails a lower risk of money laundering or terrorist financing.
  • Modification of Measures:
    1. Entities can appropriately reduce the extent of general due diligence measures.
    2. Verification of identity can be carried out using different documents, data, or information from credible and independent sources.
  • Continuous Scrutiny: Despite the application of SDD, entities must continuously scrutinize transactions and relationships to detect and report unusual or suspicious activities.
  • Inability to Fulfill SDD Requirements: If an entity cannot fulfill SDD requirements, the provisions of Section 10 (9) apply.
  • Regulatory Guidance: The Federal Ministry of Finance, in consultation with other relevant ministries, may designate specific types of cases presenting lower risk and specify the conditions under which SDD is applicable.
  • Exemption for Domestic Fund Transfers: Directive (EU) 2015/847 (on fund transfers) does not apply to domestic transfers under €1,000 to a beneficiary’s account for goods or services delivery, provided certain conditions are met (like traceability of the funds and compliance of the beneficiary’s payment service provider with the GwG).

Annex 1 – Factors indicating a potentially lower risk

The following is a non-exhaustive list of factors and types of evidence of potentially lower risk under section 14:

  1. Customer risk factors:
    a) public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership,
    b) public administrations or companies,
    c) customers that are resident in geographical areas of lower risk as set out in no. 3.
  2. Product, service, transaction or delivery channel risk factors:
    a) life insurance policies for which the premium is low,
    b) insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral,
    c) a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s interest under the scheme,
    d) financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes,
    e) products where the risk of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money).
  3. Geographical risk factors – registration, establishment, residence in:
    a) member states,
    b) third countries having effective systems for the prevention, detection and combating of money laundering and terrorist financing,
    c) third countries identified by credible sources as having a low level of corruption or other criminal activity,
    d) third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to prevent, detect and combat money laundering and terrorist financing consistent with the revised FATF (Financial Action Task Force) Recommendations and effectively implement those requirements.

Annex 2 – Factors indicating a potentially higher risk

The following is a non-exhaustive list of factors and types of evidence of potentially higher risk under section 15:

  1. Customer risk factors:
    a) the business relationship is conducted in unusual circumstances,
    b) customers that are resident in geographical areas of higher risk as set out in point (3),
    c) legal persons or arrangements that are personal asset-holding vehicles,
    d) companies that have nominee shareholders or shares in bearer form,
    e) businesses that are cash-intensive,
    f) the ownership structure of the company appears unusual or excessively complex given the nature of the company’s business,
    g) the customer is a third country national who applies for residence rights or citizenship in the Member State in exchange of capital transfers, purchase of property or government bonds, or investment in corporate entities in that Member State;
  2. Product, service, transaction or delivery channel risk factors:
    a) private banking,
    b) products or transactions that might favour anonymity,
    c) non-face-to-face business relationships or transactions, without certain safeguards, such as electronic identification means, relevant trust services as defined in Regulation (EU) No. 910/2014 or any other secure, remote or electronic, identification process regulated, recognised, approved or accepted by the relevant national authorities,
    d) payment received from unknown or unassociated third parties,
    e) new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products,
    f) transactions related to oil, arms, precious metals, tobacco products, cultural artefacts and other items of archaeological, historical, cultural and religious importance, or of rare scientific value, as well as ivory and protected species.
  3. Geographical risk factors:
    a) without prejudice to Article 9 of Directive (EU) 2015/849, countries identified by credible sources (such as mutual evaluations, detailed assessment reports or published follow-up reports), as not having effective systems for the prevention, detection and combating of money laundering and terrorist financing,
    b) countries identified by credible sources as having significant levels of corruption or other criminal activity,
    c) countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations,
    d) countries providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.

Justification for the German GwG

The justification for the law in the German Bundestag Printed Matter (BT-Drs.) 18/11555, specifically focused on Simplified Due Diligence (SDD), can be summarized as follows:

On Section 14 (1) of the German GwG

  • Risk-Based Approach: The law acknowledges the risk-based approach mandated by the 4th AMLD and FATF standards. This approach recognizes that in certain lower-risk situations, the full extent of general customer due diligence obligations may be unnecessary or excessive.
  • Implementation of Article 15: This provision implements Article 15 of the 4th AMLD, adapting the customer due diligence requirements to the level of risk.
  • Requirement for Justification: Obliged entities must be prepared to demonstrate the adequacy of their SDD measures to their supervisory authorities. This ensures that the relaxed measures are appropriately used.
  • Flexibility in Application: The law allows for more flexibility in the application of SDD, moving away from the previous limitation to specific case groups. This change reflects an understanding that lower risk can vary in context and isn’t limited to predefined categories.

On Section 14 (2) of the German GwG

  • Adherence to FATF Standards: The law closely follows FATF standards in its approach to SDD.
  • No Complete Exemption from CDD: It clarifies that SDD does not equate to a complete exemption from customer due diligence obligations outlined in Section 10 (1) of the German GwG. All obligations must still be met.
  • Proportional Measures: However, in line with the risk-based approach, the extent of due diligence measures can be reduced appropriately in lower-risk situations. This implies a more tailored approach to due diligence based on the specific risk profile.
  • Alternative Methods for Identity Verification: The law permits identity verification under SDD to be conducted using different types of documents, data, or information from credible and independent sources, offering flexibility in how identity checks are conducted.

Paragraph 3

  • Termination Obligation in Non-Feasible Cases: If it’s not feasible to fulfill SDD obligations, then the termination obligation as per Section 10 (9) is applicable. This serves as a fallback in cases where SDD measures cannot be implemented appropriately.

BaFin-Interpretation and Application Guidance on the German GwG

The BaFin Interpretation and Application Guidance on the German Money Laundering Act (GwG) provides detailed instructions on how obliged entities should approach Simplified Due Diligence (SDD).

Principle

  • Risk-Based Approach for SDD: Obliged entities may fulfill SDD obligations if they determine, based on a risk assessment, that certain areas present a low risk of money laundering or terrorist financing. This applies particularly to customers, transactions, services, or products.
  • Documentation Requirement: A prior risk assessment must be documented in writing. The adequacy of the SDD measures applied must be demonstrable, aligning with Section 10 (2) sentence 4 of the GwG.

Factors Resulting in a Potentially Lower Level of Risk

  • Flexibility in Application: The application of SDD is not limited to specific cases. Obliged entities can apply SDD based on their own risk assessment, considering the factors in Annex 1 of the GwG and relevant guidelines.
  • Examples of Lower Risk Scenarios:
    • Transactions or business relationships with obliged entities within the GwG scope or EU/Equivalent third country credit/financial institutions.
    • Transactions or relationships with stock exchange-listed companies subject to transparency requirements.
    • Transactions or relationships with domestic or certain foreign authorities/public institutions, assuming transparency and accountability.
  • Mandatory Documentation: The risk assessments leading to the application of SDD must be properly documented.

Scope of the Due Diligence Obligations to be Fulfilled

  • No Exemption from CDD Obligations: SDD does not exempt entities from fulfilling the CDD obligations indicated in Section 10 (1) of the GwG. All obligations must still be fulfilled, but the extent can be reduced appropriately.
  • Examples of Simplified Measures:
    • The frequency of review activities in ongoing monitoring can be reduced.
    • Identity verification might be done using alternative documents, data, or information from credible sources (e.g., a driving license or an electricity bill).
  • Failure to Fulfill SDD: If an entity cannot fulfill SDD obligations, the termination/non-implementation obligation in Section 10 (9) of the GwG applies.

Sources: