For Startups

EU tightens measures to combat Money-Laundering

Financial institutions and other entities falling under the European Union anti-money laundering regime would now have to consider not only Financial Assets Task Force (‘FATF’) list of the jurisdictions with weak measures to combat money laundering and terrorist financing (commonly referred to as ‘FATF blacklist’) in their risk assessment practices, but also the list of third countries with weak AML/CFT regimes drawn out by the European Commission. And for the first time, this list includes Top 20 World’s Economies.

What happened?

On February 13, 2019, the European Commission (‘Commission’) adopted changes to the list of the non-EU countries with strategic deficiencies in their AML/CFT frameworks. Notably, the Commission’s list includes 12 countries that have been already added to the FATF blacklist together with 11 additional jurisdictions. So, currently, the Commission’s list consists of 23 countries.

The aim of this move is to protect the EU financial system, which follows the highest AML/CFT standards, by better preventing money laundering and terrorist financing risks and ensuring that illegally gained money from third countries does not integrate to the EU financial market.

As reported, the countries chosen for the assessment by the Commission meet at least one of the following criteria:

•    they have systemic impact on the integrity of the EU financial system;

•    they are reviewed by the International Monetary Fund as international offshore financial centers; or

•    they have economic relevance and strong economic ties with the EU.

Based on the expertise of FATF, the Commission has also considered the level of existing threat, the legal framework, and controls put in place to prevent money laundering and terrorist financing risks and their effective implementation.

What does it mean?

As long as the Commission’s list becomes effective, the EU member states will have to commit to a higher level of scrutiny for transactions involving customers and financial institutions form the listed countries in order to better identify any suspicious money flows. This will also stand for the provision of faster access for law enforcement agencies undertaking counterterrorism investigations.

When to expect?

The list was adopted in the form of a so-called ‘delegated regulation’, which requires further submission to the European Parliament and Council for approval within one month (with a possible one-month extension). Once approved, the Delegated Regulation will be published in the Official Journal and will enter into force 20 days after its publication.

What is notable?

Amongst others, four United States territories turned up on the list, which was a quite unexpected move from the EU. In particular, these are American Samoa, Guam, Puerto Rico, and the U.S. Virgin Islands.

On the same day, the action was addressed by The US Department of the Treasury, which expressed “significant concerns about the substance of the list and the flawed process by which it was developed”, the administration said in its press release.

The Department insists on the contradiction of the Commission’s list to FATF methodology (notably, mentioned US territories are not included in FATF list) and totally rejects the inclusion of the US territories on the list, arguing that the same AML/CFT legal framework that applies to the continental US also applies to all US territories.

What is even more unexpected is that the Department stated it does not expect US financial institutions to take the Commission’s list into account in course of their AML/CFT policies and procedures.

Another noteworthy thing is the first ever Top 20 Economies (according to IMF) appearance on the Commission’s list and it is referred to the Kingdom of Saudi Arabia.

Nevertheless, in its press release on the matter, the Kingdom reaffirms that “it is strongly committed to the common fight against money laundering and terrorism financing, a commitment that it shares with its international partners and allies.” It is also stated that Saudi Arabia will continue to communicate with the Commission and looks forward to a constructive dialogue with its partners in the European Union to contribute to strengthening and supporting the means of countering money laundering and terrorism at the international and regional levels.

In this case, the United Kingdom government has taken the position similar to that one taken by the US with regard to the US territories. Like this, the UK has pushed back against the inclusion of Saudi Arabia to the list. And it is completely justified, considering the close economic ties between London and Riyadh.

By the way, it is important to recall that the European Parliament and Council are able to veto a delegated act of the Commission, so it would be definitely interesting to follow the further updates on the Commission’s list entrance into legal force and its fulfillment by the EU and US entities.

What should business do?

Recent tendencies within the EU legislation demonstrate that the EU becomes more rigorous in its AML/CFT efforts. This means that we can expect not only legislative and regulatory changes, but also increased attention to and oversight of regulated entities, namely banks and non-banking financial institutions.

In return, covered businesses may strive to adjust their risk scoring models by including newly-listed jurisdictions as those posing increased risk, in their response to tightening regulatory requirements and expectations. However, a practice of the last two decades demonstrates that many companies prefer to completely exclude particular types of businesses or entire jurisdictions from their clientele, rather than effectively mitigate correspondent risks (so-called “de-risking”).

Nevertheless, where one drops the opportunity, other picks it up. It is our position that a meaningful system of internal controls leveraged by cutting-edge regulatory technology solutions (known as ‘RegTech’) will equip businesses enough to find a balance between business opportunities and AML/CFT compliance. And if you check the recent statements from the US financial regulators about RegTech, you will find that the future of compliance is here.

Stay tuned with us on the most recent actions in regulatory compliance.

Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, financial, or other advice.

Serhii Mokhniev, CAMS

Kristina Nikipolska

Need a lawyer in this area?



European Union

6 years in AML

A Certified Anti-Money Laundering Specialist (CAMS), Member of AML/CFT committee in...

Legal Nodes Blog

For Startups
Ultimate guide to connecting Virtual Data Protection Officer

Connecting Virtual DPO can greatly reduce start-up’s data protection costs. This article explains who the Data Protection Officer is, why you should consider outsourcing DPO services, and how to pick one that matches the needs of your business....

Legal Nodes Team
Privacy (GDPR)
Cookie Policy: How to Track Website Users Lawfully

The recent study of the Nederlandse Omroep Stichting (the ‘NOS’), a Dutch news media, showed that more than 1,300 Dutch websites violate the privacy of their users. The violation found by the NOS is simple - the users cannot use the websites wit...

Legal Nodes Team
For Startups
Why Your Startup Needs a Founders' Agreement + Template 2021

Founders Agreement – the key step to set clear intentions for you and your partners and to avoid misunderstandings in the future. In a new post on the Legal Nodes blog, we explain what a Founders Agreement is, reasons for your startup to prepare...

Legal Nodes Team
For Startups
Terms of Use that your users will actually read

In this article Legal Nodes Team talks about Terms of Use, how to write them effectively and why you need them in the first place. You could find a FREE template at the end of this article....

Legal Nodes Team
Privacy (GDPR)
How Can You Leverage a Privacy Kit More Effectively?

In this article, Punit Bhatia, a leading privacy expert, shares how small businesses can become privacy compliant by using Privacy Kits in an effective and why just branding the documents and templates in name of your company is not a good idea....

Punit Bhatia
Legal Nodes Updates
Legal Nodes in 2020: A Year in Review

Despite the fact that for many 2020 will be strongly associated with the coronavirus pandemic and lockdown measures, it would be a mistake to forget all the good things that happened this year. Especially when the festive season approaches, and ...

Legal Nodes Team
Privacy (GDPR)
Internet data mining. Is it legal in the EU?

Data mining is the process of collecting and analyzing human-readable data for own purposes. More and more businesses are built on that concept, scientists and medics also use automatically combined data from different sources to spawn predictio...

Ewa Wojnarska-Krajewska
Privacy (GDPR)
11 simple (but complete) steps towards the GDPR compliance in 2020

The GDPR can be a wake-up call to sort out your processes, procedures and technology and thereby run a more successful organisation. Data is now more essential than ever, regardless of your activities or market sector. Not only will efficiencies...

Thomas Hayes
Contract Work
Force Majeure Clauses and the Effect of Coronavirus on Businesses

The coronavirus pandemic has made force majeure clauses one of the hottest legal topics worldwide. To help businesses navigate this issue, we asked Tom Bohills, an English qualified lawyer and the Founder of Chronos Law, to explain the backgrou...

Tom Bohills