Germany: impact of the Fourth European Anti-Money Laundering Directive on the insurance sector
The Fourth Anti-Money Laundering Directive (Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015) was published on 5 June 2015. This directive implements the revised 40 Recommendations of the Financial Action Task Force (FATF) of the OECD for the prevention of money laundering and terrorist financing, which the EU Member States are obligated to transpose into national law. The new directive, compared with the earlier directive, provides for comprehensive risk analyses and additional requirements for the obliged entities within the framework of money laundering inspections. The directive also provides for an enhancement of the sanctions regime. The Member States now have two years to transpose the new rules into national law. The standards set out in the directive are merely minimum standards, however, that the Member States may exceed in their national laws.
In Germany, the rules provided for under the Germany Money Laundering Act (Geldwäschgesetz (GwG)) and under §§ 80c et seqq. of the German Insurance Supervision Act (VAG) (or §§ 52 et seqq. of the German Insurance Supervision Act of 2016 (VAG 2016)) apply to date to – simply put – insurance companies and insurance intermediaries that offer or arrange life insurance contracts and accident insurance contracts with return of premiums. The question is thus what impact the new directive will in all probability have on Germany’s insurance sector.
1. Obliged entities
The hitherto applicable provisions of the Money Laundering Act apply inter alia to insurance companies that offer life insurance contracts or accident insurance contracts with return of premiums (§ 2 (1) No 4 of the Money Laundering Act). The obliged entities are also insurance intermediaries that act with respect to life insurance or other investment-related services with the exception of the insurance intermediaries acting as set out in § 34d (3), (4) of the German Trade, Commerce and Industry Regulation Act (GewO) (§ 2 (1) No 5 of the Money Laundering Act).
In this respect, the Fourth Money Laundering Directive does not enlarge the group of addressees (thus the group of “obliged entities” subject to the provisions of money laundering law). Also under this directive, obliged entities are – among others – insurance companies that perform life insurance work and insurance intermediaries if they act with respect to life insurance and other investment-related services, with the exception of tied insurance intermediaries. It is not to be expected that the German legislature will now, in transposing the directive into national law, also include other insurance companies and insurance intermediaries in the group of obliged entities under the Money Laundering Act.
2. The risk-based approach provided for under the Fourth Anti-Money Laundering Directive
The obliged entities under the new Anti-Money Laundering Directive are supposed to be obligated in the future to examine each individual business relationship and transaction with regard to its respective money laundering risk. This is probably the greatest difference between the new directive and the preceding directives. This is supposed to prevent automatisms in risk assessment.
In this respect, however, it is likely that there will be hardly any or only very slight changes compared to the rules of the Money Laundering Act and of §§ 80c et seqq. of the Insurance Supervision Act that currently exist in Germany, because a risk-based approach for the prevention of money laundering and terrorist financing has been increasingly pursued in Germany already in the past. The necessity of a risk assessment regarding an individual case has been included in the already applicable regulatory duties at least since the German Act on Optimising the Prevention of Money Laundering (Gesetz zur Optimierung der Geldwäscheprevention) came into force on 29 December 2011. Consequently, the insurance companies and insurance intermediaries concerned are already required to carry out a risk analysis in accordance with § 3 (4) Sentence 1 of the Money Laundering Act and operate and update appropriate systems in order to recognise doubtful or unusual business relationships or transactions that are to be considered doubtful or unusual on the basis of the experience and knowledge of money laundering and terrorist financing methods that is available to the public and to the insurer. The due diligence measures must be adapted to the level of the assessed risk – as average, lower or higher – in the individual case, and appropriate measures, their details depending on the obliged entity’s own due discretion, must be taken.
The following due diligence measures apply in principle under both the applicable German law (Money Laundering Act) and the regulations of the Fourth Anti-Money Laundering Directive: (1) identifying the customer; (2) assessing the intended purpose and nature of the business relationship; (3) identifying the beneficial owner, thus the person who owns or controls the customer and/or on whose behalf a transaction or activity is being conducted; and (4) conducting ongoing monitoring of the business relationship. Insurance companies must also identify the respective beneficiary under the life insurance policy.
It is therefore not to be expected that the rules established by the German legislature will be fundamentally changed as a result of the rules provided for under the Fourth Anti-Money Laundering Directive.
It should be emphasised, however, that both the European Commission and the European Supervisory Authorities EIOPA, EBA and ESMA are supposed to jointly make an analysis of the money laundering and terrorist financing risks and update this analysis at regular intervals. The Commission’s report and that of the European Supervisory Authorities are supposed to be available by 26 June 2017. The results of these analyses and the recommendations developed from them are then supposed to be made available to the Member States and also to the obliged entities to assist them in identifying, understanding, managing and mitigating the risk of money laundering and terrorist financing. Whether additional insights and possible “recommendations for action” for the insurance sector will result from this remains to be seen.
3. Simplified and Enhanced Due Diligence Measures
a) Up to now, § 5 of the Money Laundering Act and, especially for insurance companies, § 80e of the Insurance Supervision Act provide for exhaustively specified case groups in which – subject to a risk assessment based on special circumstances of the individual case – only simplified due diligence obligations must be met. Simplified due diligence obligations entail only minimum measures (identifying the contractual partner, conducting ongoing monitoring of the business relationship).
In the future, the obliged entities are supposed to take into account in the risk assessment at least the factors for a “potentially lower risk” listed in Annex II to the Directive. These are only possible indicators, however, which are not exhaustive. Possible factors for a potentially lower risk, also under the Fourth Anti-Money Laundering Directive, are – like already under applicable German law – (1) life insurance policies for which the premium is low (although it is not stated in the directive how low a premium must be to be considered low), (2) insurance policies for pension schemes if there is no early surrender option and the policies cannot be used as collateral, (3) pension, superannuation or similar schemes that provide retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of members’ interests under the scheme, (4) financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes and (5) products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money). Many of the factors specified in Annex II to the directive thus correspond to the case groups currently contained in § 80e of the Insurance Supervision Act.
b) The fundamentally risk-oriented approach is broken in the directive with respect to the so-called enhanced due diligence obligations: enhanced due diligence obligations must always be met if the respective customer is located in a third country that the Commission has identified as a high-risk country (“high-risk situations”). If the customer comes from one of these higher-risk third countries, enhanced due diligence obligations must automatically be fulfilled – without any inclusion of other factors. Insurance companies and insurance intermediaries must therefore be “up to date” in the future with regard to what counties are to be considered high-risk third countries.
The Fourth Anti-Money Laundering Directive also contains, in Annex III, other non-exhaustive factors and possible indicators of a potentially higher risk. Such a factor can be, for example, that the respective customer comes from a country subject to sanctions, embargoes or similar measures issued by the European Union or the United Nations. Payments received from unknown or unassociated third parties can also be such an indicator.
The new Anti-Money Laundering Directive also enlarges the group of so-called politically exposed persons (PEPs). Members of the governing bodies of political parties are now also politically exposed persons. This group also includes – unchanged – heads of state, heads of government, ministers and high-ranking officers in the armed forces. For so-called PEPs, the obliged entities are also subject to enhanced due diligence obligations. The extension of the group of PEPs to include members of the governing bodies of political parties will make it necessary to update existing PEP lists.
4. Register of Beneficial Owners
The directive establishes a new kind of duty of the customers to cooperate. All legal entities are obligated to obtain and store precise and updated information concerning their beneficial owners and the type and scope of the beneficial ownership. They must provide this information to the obliged entities in the course of the money laundering checks.
This information is to be stored in a central register in each Member State – for example, a commercial or company register. This register should not be available to the public. Supervisory authorities, Financial Intelligence Units (FIUs), and the obliged entities shall be given access to it within the framework of the fulfilment of their due diligence obligations. It is intended that other persons or organisations that are able to demonstrate a legitimate interest should also be given access – as long as this is permissible under the respective national data privacy protection regulations. The registration office – wherever it will be in Germany – does not have to check this information. This will remain the duty of the obliged entities also in the future.
It remains to be seen whether the introduction of this register will reduce the investigation and identification efforts of the beneficial owners. The effort remaining after the implementation will depend on how the duty of the individual to not rely exclusively on the register will be transposed into German national law and also implemented in the administrative practice of the supervisory authorities. It is also difficult to foresee how to ensure in future that customers will in fact fulfil their obligations to obtain the necessary information concerning the beneficial owners.
The Fourth Anti-Money Laundering Directive is much more precise than the preceding directives with regard to how the Member States are to sanction violations of the anti-money laundering rules. In this respect, the penalty level in administrative proceedings relating to breaches of the anti-money laundering obligations has been drastically increased.
With regard to insurance companies and insurance intermediaries, the directive provides for fines for legal entities of at least €5 million or 10 per cent of the total annual turnover pursuant to the latest available financial statements of the obliged entity approved by its managing body. For natural persons, the fine is at least €5 million. For German insurers and insurance intermediaries, this is a significant increase. Previously, the fines in Germany were limited to a maximum of €100,000, as a rule.
Moreover, the natural persons or legal entities in question and the nature of their breach of the anti-money laundering rules is supposed to be disclosed to the public in the future (“naming and shaming”). The national supervisory authorities will also have to report all administrative sanctions and measures to the European Supervisory Authorities – including EIOPA. They will be obligated to link to the publications of the supervisory authorities on their websites.
It can thus be stated that, with regard to the requirements for the due diligence of the obliged parties, there will be no great changes compared to the current legal situation. It is of course up to the German legislature to enhance the provisions that exist anyway in the course of the transposition of the Fourth Anti-Money Laundering Directive into national law, because the directive only sets minimum standards in the Member States.
The enhanced catalogue of sanctions (higher fines and “naming and shaming”) should be emphasised. It may be awaited with interest how the German legislature will transpose the new directive into national law.