Blockchain law: A "Telegram" to SAFTs: "Beware!"
Robert Schwinger discusses one approach issuers have tried in order to avoid facing securities law requirements: SAFTs.
A register of ultimate beneficial owners (the “UBO Register”) has been set up by the law dated January 13, 2019 with effect from March 1, 2019 implementing provisions of the fourth Anti-Money Laundering Directive dated May 20, 2015 (the “AML Directive”) into Luxembourg Law (Loi instituant un Registre des bénéficiaires effectifs, the “Law”).
The UBO Register will record information on individuals having effective control over Luxembourg entities which are not listed on a recognized exchange market, i.e. the so called ultimate beneficial owners (the “UBO”) as defined in the law dated November 12, 2004 implementing the second Anti-Money Laundering Directive (the “AML Law”). Such effective control can either derive from the direct or indirect holding of a significant percentage of the shares, units or voting rights or by any other means.
Each and every UBO has to provide the following information to the UBO Register
In some cases, members of the board of managers could be regarded as UBOs. Despite the commentary of the Luxembourg Chamber of Commerce, the Law does not clearly state that for investment funds of a corporate nature, the information included in the UBO Register is to be limited to the members of the board of managers. The upcoming implementing Grand-Ducal Decree should clarify this issue.
The UBO Register will contain information on the following entities registered within the Luxembourg Trade and Companies register (the “Obliged Entity”)
Contrary to the first version of the Bill, the Luxembourg lawmaker added branches of foreign entities (commercial or civil companies, economic interest and European economic interest groupings subject to other European regulations) and mutual funds (Fonds Commun de Placement, FCPs) in the list of the Obliged Entities.
Listed companies on a regulated market in Luxembourg, in another member state of the European Economic Area, or in another third country which has equivalent international standards, are in the scope of the UBO Register. However, these entities must only disclose on which market they are listed.
The Obliged Entity or its representative must collect and register the information within one month as from the moment the Obliged Entity became aware or should have been aware of the event implying a registration or an amendment.
For the first registration, the Obliged Entity or its representative (mandataire) must provide the relevant information by September 1, 2019. While the French term “mandataire” used in the Law is quite vague, it should in our view be clarified who is able to act as representative of an Obliged Entity by the implementing decree which has not been published yet (Règlement grand-ducal portant exécution de la loi instituant un Registre des bénéficiaires effectifs, the “Implementing Decree”).
The Law provides that besides the Obliged Entities, the notary, as drafter of the deed of incorporation or any amending act of the Obliged Entity, can also (but is not compelled to) request the information to be recorded in the UBO Register.
The UBO Register will be managed by a department under the authority of the Minister of Justice that currently manages the Luxembourg Trade and Companies Register (but using a separate database) (the “Administrator”). The Minister of Justice will be regarded as the data controller within the meaning of the EU regulation 2016/679 dated April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the so called “GDPR”.
The Obliged Entity shall apply for registration on the Administrator’s website according to procedures to be defined in the implementing Grand-Ducal Decree. The Administrator shall register the UBO related relevant information within three days from the request of the Obliged Entity.
Such request may be denied if the application is incomplete, does not comply with legal or regulatory provisions or if the data requested to be recorded is inconsistent with the supporting documentation. In such case, the Obliged Entity has 15 days to provide the required information. If the Obliged Entity fails to provide the information or supporting documents on time, the Administrator will refuse the registration. The Obliged Entity will then have the right to appeal that decision.
The applicant or any other interested person may appeal under an accelerated procedure usually governing summary proceedings (procédure de référé). If the Court confirms the Administrator decision, the Obliged Entity has again 15 days to comply failing which the state prosecutor would be informed accordingly.
Any final and binding decision ordering a registration or an amendment of a registration shall be enforced by the Administrator.
In accordance with the AML Directive and contrary to the requirements of the initial draft of the Law that require “complete” information, the Obliged Entity must provide adequate, accurate and up-to-date information at any time to meet the requirements of the AML Directive. In line with this objective, the Obliged Entities must also maintain their own “internal” UBO register.
In this respect, the UBO must provide all the necessary information to comply with this regulation and the supporting documents to the Obliged Entity. The latter must store the information and documents in its registered office. After the deregistration from the Luxembourg Trade and Companies Register, the Obliged Entity must disclose the place where such information would be available for a five-year period.
The information reported in the UBO Register is publicly available to a certain extent.
Anybody can access the information with respect to UBOs excluding the private or professional address and the national identification number. The Obliged Entity shall provide upon reasoned request and within three days such information to professionals in the financial sector, as defined by the AML law (such as for instance credit institutions, insurance undertakings UCITs management companies and Alternative Investment Fund Managers), for the purpose of their compliance obligations.
Public authorities, including among others the public prosecutor, the regulator (Commission de Surveillance du Secteur Financier, CSSF), the Commissariat aux Assurances (CAA) and the tax authorities, have access to all the information of the UBO Register. The public authorities can also demand the Obliged Entity to provide upon simple request and within three days any requested data.
In all cases, access is only granted to information and not to the supporting documents. The Administrator can also provide certified excerpts and certificate of the UBO Register.
Any person having access to the information contained in the UBO Register as well as the professionals subject to the AML Law have to inform the Administrator within 30 days, as soon as they notice either erroneous data, the lack of all or part of the data in the UBO Register, or the lack of registration, modification or deletion of an Obliged Entity.
In such case, the Administrator will send to the Obliged Entity a request to provide or update the information. If the latter fails to comply within 30 days, the Administrator shall forward the file of such Obliged Entity to the State Prosecutor.
The Administrator can also verify the accuracy of the information it manages by itself and can request additional or updated information if it deems fit.
The Obliged Entities or the UBOs shall not be informed of any consultation of the UBO Register nor have they access to the identity of the persons or bodies having checked the UBO Register. However, the Administrator shall store the details of every checking person for five years.
The Obliged Entity and its UBO(s) may request access to the UBO Register to be restricted for a maximum three-year period (renewable) to public authorities, credit and financial institutions, bailiff and notaries acting in their capacity of public officer only in “exceptional circumstances where access would expose the UBO to the risk of fraud, kidnapping, blackmail, violence or intimidation, or where the beneficial owner is a minor or legally disabled”.
The information will be stored for a five-year period after the deregistration of the Obliged Entities from the Luxembourg Trade and Companies Register. The supporting documents of the registration or any amendment will also be stored for five years.
Obliged Entities may suffer a fine ranging from €1,250 to €1,250,000 if they do not comply with their obligation to gather information on their UBOs, to provide it to the UBO Register and to store it.
The fines may also apply if an Obliged Entity (i) does not provide the requested information on time, (ii) submits incomplete, outdated or inaccurate information to the UBO Register or; (iii) provides outdated or inaccurate information to public authorities and professionals as defined by the AML Law. It is to note that this section of the Law still sanctions incomplete information provided whereas the Law’s obligation is to provide adequate information and not complete information.
Similarly, a fine ranging from €1,250 to €1,250,000 may apply to a UBO who did not provide the necessary information and documents to the Obliged Entity.
Such criminal fines go beyond the mandatory provisions of the AML Directive and have been inserted at the discretion of Luxembourg. Germany retained similar amounts whereas France or Belgium have introduced fines of a maximum of €50,000 only.
It is worth noting that the Luxembourg Criminal law states that the maximum fine in criminal matters that a corporate body may suffer is €750,000. Therefore, it will be interesting to see whether the Criminal Law will be amended to allow fines up to €1,250,000. According to the Conseil d’Etat it could even be considered as disproportionate and thus not compliant with the European Chart of fundamental rights.
Similar rules are being introduced for trusts through two bills. The first one that gave rise to a law dated August 10, 2018 provides that trustees are required to obtain and hold adequate, accurate and up to date information on the settlor, the trustee(s), protector (if any), the beneficiaries or the category of beneficiaries and any other persons exercising effective control over the trust.
Under the law of August 10, 2018, trustees are also required to disclose that they act as trustees when they enter into a business relationship or occasionally perform transactions exceeding a certain threshold with professionals subject to the AML Law. This information must be provided to national authorities upon request and must be updated within a reasonable time after any change.
Trustees must comply with the above mentioned obligations within six months from the entry into force of the law.
Such obligation is subject to administrative sanctions up to €1,250,000 and is subject to judicial remedy.
A second bill which has not been voted yet provides for the creation of a trust register in which information on the beneficial owner(s) of all trust agreements (fiducie) for which the trustee is established in Luxembourg and is entailing tax consequences should be included.
Contrary to the UBO Register, access to the trust register should be limited to Luxembourg national authorities.
Simultaneously, a bill was introduced in November 2017 implementing the Directive 2016/2258 as regards access to anti-money-laundering information (DAC 5) and is enforceable since August 2018.
Within the framework of international tax cooperation, this law allows Luxembourg national (direct and indirect) tax authorities to access, not only to the UBO information (as under the UBO Register regime) but also to the mechanisms, due diligence procedures, documents and information gathered by the professional of the financial sector under current AML rules.
Robert Schwinger discusses one approach issuers have tried in order to avoid facing securities law requirements: SAFTs.
The COVID-19 pandemic has resulted in an unusual complex global economic dis-equilibrium where disruption seems to be the only constant.
While capital markets rely on companies to provide timely and accurate information, and investors, shareholders and others rely on companies to provide financial reports that have been through a rigorous audit process, government and regulators in the UK recognise that the COVID-19 pandemic is creating huge challenges for both corporate reporting and audit processes.