On 11 December 2018, the German Financial Supervisory Authority (BaFin) published its Guidance Notes on the German Money Laundering Act (Auslegungs- und Anwendungshinweise zum Geldwäschegesetz – Guidance Notes).
Pursuant to the German Money Laundering Act (GwG), BaFin has to provide obliged entities belonging to the financial sector with (regularly updated) interpretation and application notes for the implementation of the due diligence and internal safeguard measures to prevent money laundering. Within their scope of application, the Guidance Notes supersede the previous notes which had been prepared by the associations of the financial sector in cooperation with BaFin and which have become partly obsolete with the transposition of Fourth EU Anti-Money Laundering Directive (Directive (EU) 2015/849 – AMLD4) on 26 June 2017. This is particularly relevant for the Notes of German Banking Industry Committee (Hinweise der Deutschen Kreditwirtschaft – GBIC Notes) dated 1 February 2014.
The Guidance Notes are addressed, inter alia, to the following obliged entities:
- credit institutions, financial services institutions, payment institutions and electronic money institutions (including the German branches of EEA institutions operating under a European passport and of third country institutions);
- insurance undertakings;
- capital management companies;
- financial holding companies and mixed financial holding companies.
The Guidance Notes are immediately binding for these obliged entities; internal compliance measures, guidelines and processes have to be adjusted with immediate effect. In this context, it is of particular importance to note that the penalties for violations of the GwG have been significantly increased in connection with the implementation of AMLD4. Obliged financial sector entities could incur administrative penalties of up to EUR 5 million or up to 10 percent of the preceding year's aggregate turnover.
Obliged entities outside the financial sector (e.g., real estate agents, organisers and retailers of games of chance, traders in goods), are, however, not bound by the Guidance Notes. Further clarification of the provisions of the GwG for these obliged entities is to be provided by the respective competent supervisory authorities.
Changes in content
The Guidance Notes clarify some of the questions that had arisen in connection with the implementation of AMLD4 and the relating restatement of the GwG. At the same time, however, it is to be noted that the Guidance Notes are, in some respects, less detailed than the GBIC Notes. Of the numerous individual questions, we would like to address only two topics of the Guidance Notes Interpretation and Application Notes that are of particular relevance in practice:
- The Guidance Notes contain detailed requirements regarding the AML officer (Geldwäschebeauftragter, AML officer) and his/her deputy. Particularly noteworthy are the provisions regarding incompatibilities: The Guidance Notes introduce the new legal presumption that a member of the management level may, as a general rule, only be appointed as AML officer in obliged entities with less than fifteen full-time equivalents in which there is no suitable employee on any level other than the management level.
- As regards the functions of an AML officer, BaFin, amongst other things, explicitly refers to the most recent decision of Frankfurt Higher Regional Court as of 10 April 2018 (ref.: 2 Ss-Owi 1059/17) on the AML officer's (comprehensive) responsibility for timely reporting of suspicions.
- As regards the exemption from the obligation to appoint an AML officer pursuant to Sec. 7 (2) GwG, BaFin seems to follow a restrictive line: With respect to obliged entities with more than fifteen employees, in “groups of companies” (Unternehmensgruppen) and in case of “cross-border business structures” (grenzüberschreitenden Unternehmensstrukturen), BaFin generally assumes an adverse risk of losing information conflicting with an exemption. In case of small German branches of EEA institutions, however, this practice gives rise to doubts since these branches would always entail a cross-border element and, thus, would be denied the possibility of an exemption.
Repeated use of identification:
- In the Guidance Notes, BaFin establishes precise criteria according to which a previous identification performed by a third party may be referred to for purposes of a new identification.
- As substantive requirements: (i) the previous collection of identification data must not have taken place more than 24 months ago; (ii) there must be no doubt about the correctness of the identification data; and (iii) the validity date of the identification document may not have expired at the time the identification data is used; the date of the previous identification must be disclosed.
- As personal requirement pursuant to an earlier draft version of the Guidance Notes, the third party had to be an “obliged entity under the GwG” (nach dem GwG Verpflichteter) that collected the data “in accordance with the provisions of the GwG”. In the final version of the Guidance Notes, however, BaFin now appears to have extended the personal scope: Under certain circumstances, a group member that is an “obliged entity” in another EU member state under the respective national implementation of AMLD4 may also be eligible. Also, the identification data may have been collected (for purposes of the establishment of a business relationship) pursuant to unspecified “AML provisions”
- It should be noted that, in connection with the general rules relating to the performance of customer due diligence by third parties, BaFin states that it is not possible to rely on the due diligence conducted by a non-German third party based on foreign law with respect to clients domiciled in Germany. Therefore, despite the wider personal scope described above, BaFin may probably still require that the previous identification conducted by the third party was also conducted “in accordance with the GwG” in case of clients domiciled in Germany in order to prevent a circumvention of German AML rules.
- In practice, the use of a previous identification by a third party may be relevant, for example, in case of a transfer of existing business within a group as a result of Brexit.
Obliged entities belonging to the financial sector should examine whether their internal compliance measures are in line with the requirements of the Guidance Notes. In practice, one of the challenges will be that the Guidance Notes provide significantly less practical examples when compared to the GBIC Notes. The obliged entity itself is responsible for identifying and deciding whether or not any measures are to be taken. In order to avoid allegations of incorrect implementation - or lack - of compliance measures (which could result in substantial fines), the internal compliance measure should be carefully assessed.