The 4.1AMLD is set to impact everyone from digital currency processors to exchanges and wallets

The past month has brought many changes to the regulatory field, with the EU strengthening transparency rules to tackle terrorism financing, tax avoidance and money laundering throughout Europe.

The European Commission (Commission) has introduced some significant changes to the 4th AML Directive (4AMLD), with the announcement of a revised AML Directive (1) (4.1AMLD). Meanwhile, CySEC have released a new directive on customer due diligence (2), for remote verification of customers, with the European Supervisory Agencies (ESA) having also released draft ‘Risk Factors Guidance’ (3). These changes significantly affect the way merchants identify customers within Europe and it is important to understand how they will impact business.

The 4.1AMLD is set to impact virtual/digital currency processors, exchanges and wallets, as well as the more conventional AML obliged entities including prepaid card operators, FX, CFD’s, binaries, securities. The 4AMLD had already included online gaming and wagering for the first time, which will result in a step change from current practices for this sector as well.

The most significant changes in the new 4.1AMLD include:

• bringing forward the start date from 26th of June 2017 to the 1st of January 2017,

• the inclusion of operators which offer exchange between fiat and virtual currencies and wallet providers for virtual currencies (Coinify.com launched with iSignthis in anticipation of this).

• inclusion of gaming and wagering services into the directive

• the introduction of ‘lifetime’ rather than ‘annual’ KYC thresholds for eMoney operations

• significantly lower KYC thresholds from EUR 2500 annually, to EUR 250 or even EUR 150 applicable when customer surpasses the lifetime aggregate.

• tighter restrictions on application of Simplified Due Diligence (SDD) for e-money,

• expressly allowing e-ID to be the basis for verification,

• expanding circumstances when Customer Due Diligence (CDD) should be re-done and changing the rules about high risk jurisdictions.

• expanded definition of high risk situations, and application of enhanced due diligence to remote transactions.

Most of this is not surprising, given that the Commission has been vocal about tightening up on AML/CFT since the Paris and Brussels attacks. The Commission, in its media release dated 2 February 2016 (4), had already stated that it wanted to bring the 4AMLD forward to the end of 2016.

However, some of the other changes in 4.1 AMLD have come out of seemingly nowhere, as far as industry is concerned.

From an iSignthis perspective, it is business as usual, and we continue to provision remote KYC and transaction monitoring to meet either the 3AMLD, 4AMLD or 4.1AMLD for our customers.

In a trend consistent with the 4.1AMLD, CySEC’s new customer due diligence directive raises the bar for CDD requirements to be applied by Cyprus Investment Funds (CIF’s), Documents needing to be either original or certified – simply uploaded scans are out, as they are not subject to any sort of independent verification – a requirement also of the ESA draft ‘Risk Factors Guidance’. Uploaded documents may however be used in support of other remote verification elements, but not as a primary means. Whilst the directive introduces electronic verification, it is an updated 2016 version of the 2014 approach that UK operators would be familiar with under the JMLSG (5), due to the requirements with respect to real time, alerting, quality and updates of the reference data. 

CySEC has confirmed that documents must be either original or certified as true copies in their physical form – directly addressing the practice of some CIFs who have been using uncertified copies uploaded by end customers as the sole or primary basis for identity verification. The directive requires that CIF’s establish procedures to satisfy themselves as to the quality, completeness, validity and reliability of the information to which they have access. The directive also requires that the review process includes both positive and negative information.

In terms of remote verification, many methods were approved by CySEC to verify a customer’s identity. Although, CIFs will need to assess each on a risk based approach, together with the quality and reliability of the source data or information. CySEC still requires (uploaded) copies of documents to be collected when using any of the remote verification elements, as this upload provides support in identification and verification of a customer.

We are proud to provide a Digital KYC service that meets or exceeds both CySEC and the 4.1AMLD requirements. We welcome enquiries from CIF’s or merchants in any jurisdiction with regards to how we can assist with your customer due diligence requirements.

Footnotes

1. http://ec.europa.eu/justice/criminal/document/files/aml-directive_en.pdf (link)

2. http://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=6486396d-6a47-48b5-bba0-ae34a52d9b63 (link)

3. https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-e-money/guidelines-on-risk-factors-and-simplified-and-enhanced-customer-due-diligence/-/regulatory-activity/consultation-paper (link)

4. http://europa.eu/rapid/press-release_IP-16-202_en.htm (link)

5. http://www.jmlsg.org.uk/ (link)

About John Karantzis

John Karantzis is founder and Managing Director/CEO of Australian Securities Exchange listed iSignthis. John holds qualifications in engineering (University of Western Australia), law and business (University of Melbourne; University of Melbourne Business School). With over 20 years of experience spanning a number of sectors, he has a broad understanding of international regulatory regimes as they relate to payments and identity.

About iSignthis

iSignthis is the global leader in dynamic, digital AML/CFT KYC identity proofing. Our Paydentity solution incorporates real time electronic verification to converge remote payment authentication and KYC identification. This delivers automated customer on-boarding with a global reach of any of the world’s 3.5Bn financially included persons, no matter where they are located. iSignthis’ unique solutions protect online customers whilst assisting merchants with CNP liability shift and providing operators with 100% confidence.