EUROPEAN COMMISSION Strasbourg, 5.7.2016 COM(2016) 450 final 2016/0208(COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC (Text with EEA relevance) {SWD(2016) 223 final}

{SWD(2016) 224 final}



EXPLANATORY MEMORANDUM 1.CONTEXT OF THE PROPOSAL •Reasons for and objectives of the proposal This proposal sets out a series of measures to better counter the financing of terrorism and to ensure increased transparency of financial transactions and of corporate entities under the preventive legal framework in place in the Union, namely Directive (EU) 2015/849 (the "4AMLD"). It also sets out certain consequential changes to the relevant company law rules under Directive 2009/101/EC. The adoption of the updated Anti-Money Laundering rules in May 2015 represented a significant step in improving the effectiveness of the EU's efforts to combat the laundering of money from criminal activities and to counter the financing of terrorist activities. But the terrorist threat has grown and evolved recently. At the same time, fuelled by advances in technology and communications, the globally interconnected financial system makes it simple to hide and move funds around the world, by quickly and easily setting up layer upon layer of paper companies, crossing borders and jurisdictions and making it increasingly difficult to track down the money. Money launderers, tax evaders, terrorists, fraudsters and other criminals are all able to cover their tracks in this way. A sound financial system, with proper scrutiny and analytical tools in place, may, by helping to uncover anomalous transaction patterns, contribute to a better understanding of terrorist and criminal connections, networks and threats, and lead to relevant preventive actions by all competent authorities involved. However, gaps still exist in the oversight of the many financial means used by terrorists, from cash and trade in cultural artefacts to virtual currencies and anonymous pre-paid cards. This proposal seeks to address those gaps while avoiding unnecessary obstacles to the functioning of payments and financial markets for ordinary, lawabiding citizens and businesses, so balancing the need to increase security with the need to protect fundamental rights, including data protection, and economic freedoms. At the same time and in addition to terrorist financing issues, significant gaps in the transparency of financial transactions around the world have been revealed which indicate that offshore jurisdictions are often used as locations of intermediary entities that distance the real owner from the assets owned, often to avoid or evade tax. This proposal seeks to prevent the large-scale concealment of funds which can hinder the effective fight against financial crime, and to ensure enhanced corporate transparency so that true beneficial owners of companies or other legal arrangements cannot hide behind undisclosed identities. In the European Agenda on Security the Commission identified as a priority the upgrading of the EU legal framework to address terrorism. The conclusions of the Justice and Home Affairs Council on 20 November 2015, the Economic and Financial Affairs Council of 8 December 2015, as well as of the European Council of 18 December 2015 all stressed the need to further intensify the work in this field, building on the improvements made in the 4AMLD. On 2 February 2016, the Commission presented an Action Plan for strengthening the fight against terrorist financing that focuses on two main strands of action: tracing terrorists through financial movements and preventing them from moving funds or other assets; and disrupting the sources of revenue used by terrorist organisations, by targeting their capacity to raise funds. The Action Plan announced a number of targeted operational and legislative measures, including the present proposal, to be put in place rapidly. On 12 February 2016, the Economic and Financial Affairs Ministers Council called on the Commission to submit its proposal to amend the 4AMLD as soon as possible and no later than the second quarter of 2016. On 22 April 2016 the informal ECOFIN Council also called for action in particular to enhance the accessibility of beneficial ownership registers, to clarify the registration requirements for trusts, to speed up the interconnection of national beneficial ownership registers, promote automatic exchange of information on beneficial ownership, and strengthen customer due diligence rules. In its Resolution of 16 December 2015, the European Parliament had already stressed that improved transparency, coordination and convergence in relation to corporate tax policies provides an effective framework to guarantee fair competition between firms in the Union and protect state budgets from adverse outcomes. The proposed revision of the 4AMLD is also consistent with global developments. At international level, the UN Security Council Resolutions 2199(2015) and 2253(2015) called for measures to prevent terrorist groups from gaining access to international financial institutions. In addition, the G20 statement of 18 April 2016 calls on the Financial Action Task Force ('FATF') and the Global Forum on Transparency and Exchange of Information for Tax Purposes to make initial proposals to improve the implementation of the international standards on transparency, including on the availability of beneficial ownership information, and its international exchange. Effective supervision and enforcement are crucial to prevent money laundering, the financing of terrorism and crime in general. The Commission will be monitoring the correct transposition of the Union requirements in national law, as well as their effective implementation by Member States in practice. •Consistency with existing policy provisions in the policy area On 20 May 2015, a revised anti-money laundering and counter-terrorism financing (AML/CFT) framework was adopted. The revised rules consist of the 4AMLD and Regulation (EU) 2015/847 on information accompanying transfers of funds. The transposition date for the 4AMLD and the entry into force of Regulation (EU) 2015/847 is 26 June 2017. However, the Commission has encouraged Member States to anticipate the transposition date of the 4AMLD, and this proposal amends that date to 1 January 2017. The proposed amendments concern selected issues that Member States can already be called upon to address, within the ongoing process of transposition of the provisions of the 4AMLD. All measures aim to enhance the efficiency of the current AML/CFT system and have been drafted to coherently supplement it. Thus, this proposal lays down rules that build on the experience of Member States in transposing and implementing the 4AMLD (setting up central registers), answer the requests of those that effectively apply the rules (designation of new obliged entities, empower the national Financial Intelligence Units (FIUs), harmonisation of the approach towards high-risk third countries) and reflect the newest trends observed in the fight against money laundering and terrorism financing (improve access to beneficial ownership information). As such, this proposal provides a framework that should allow the national legal order of Member States to be up to date and better equipped to face current challenges. Member States, in light of commitments already undertaken, should be in a position to speed up the pace of transposition of these provisions. This proposal takes stock of the findings and assessment by the Commission through its existing mechanisms of evaluating Member States' legal and institutional frameworks and practice in the field of preventing money laundering and the financing of terrorism. It is based on data shared with the Commission in the context of transposing the 4AMLD. Also, the proposed amendments take into account relevant existing studies and reports (in particular those conducted in 2009 and 2012) on the application rules in place in Member States, all newly established international requirements (in particular the revised FATF Recommendations) and all information so far gathered through the opening of infringement procedures under Article 258 of the Treaty on the Functioning of the European Union. Moreover, in order to obtain a comprehensive and accurate view, the Commission has taken into account data made available through international cooperation in financial supervision. Regarding enforcement, this proposal builds on lessons learnt with the implementation of the existing anti-money laundering rules and puts a stronger focus on the implementation of the current rules. This proposal reflects the Commission's commitment to closely monitor the correct transposition of the directive and the effectiveness of Member States' national regimes. In this respect, the Commission will build on work already undertaken by the FATF (peer review process) or use the national risk assessments conducted by Member States as a basis for the effectiveness assessment. Finally, as regards company law and Directive 2009/101/EC, this Directive has already been transposed in the Member States. The proposed amendments to Directive 2009/101/EC create a new set of rules applicable to a clearly defined category of companies and trusts that reflect and complement the rules in the revised 4AMLD, aiming to ensure enhanced corporate transparency. Therefore, as they have a distinct scope of application, these new rules must be included in Directive 2009/101/EC, ensuring the necessary cross-references to the 4AMLD.

•Consistency with other Union policies The proposed amendments to the 4AMLD (and Directive 2009/101/EC) are in line with policy aims pursued by the Union, and in particular: –the criminal law framework with regard to offences relating to terrorist groups, and especially the incrimination of terrorism financing as included in the proposal for a Directive on combating terrorism, as well as the commitments undertaken by the Union when signing the Additional Protocol to the Council of Europe Convention on the Prevention of Terrorism; –the single market for payments establishing a safer and more innovative payment services across the EU, namely rules laid down in Directive (EU) 2015/2366 and Regulation 2015/751; –the legal framework setting up customer due diligence on financial accounts enabling the automatic exchange of financial account information in tax matters (by implementing the Global Standard) as foreseen by Directive 2011/16/EU, as amended by Directive 2014/107/EU; –the framework for effective public and private online services, electronic business and electronic commerce in the Union, as set up by Regulation (EU) No 910/2014; –the reformed data protection regime, stemming from Regulation (EU) 2016/679 and Directive (EU) 2016/680, and in line with the relevant case law of the Court of Justice of the European Union; –the digital single market, as set out in the Commission's Communication "A digital single market strategy for Europe" and the specific provisions on electronic identification and trust services for electronic transactions laid down in Regulation (EU) No 910/2014 (the "eIDAS Regulation"); –consumer protection and financial inclusion; –the objectives pursued by the Commission as indicated in its Communication on further measures to enhance transparency and the fight against tax evasion and avoidance. 2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY •Legal basis This proposal amends the 4AMLD, as well as Directive 2009/101/EC. It is therefore based on Articles 114 and 50 TFEU, which are the legal bases of the amended acts. •Subsidiarity In accordance with the principles of subsidiarity and proportionality as set out in Article 5 of the Treaty on European Union, the objectives of the proposal cannot be sufficiently achieved by Member States and can therefore be better achieved at the Union level. The proposal does not go beyond what is necessary to achieve those objectives. In line with existing rules in both the 4AMLD and Directive 2009/101/EC, under this proposal Member States have the right to adopt or retain measures that are more stringent than those set out in Union law. The existing legal framework enabling the financial system to prevent the financing of terrorism was set up at Union level. Improving the existing legal framework cannot be achieved by Member States acting autonomously. A thorough check of subsidiarity was performed in the context of adopting the 4AMLD. As organised criminal and terrorism financing can damage the stability and reputation of the financial sector and threaten the internal market, any measures adopted solely at national level could have adverse effects on the EU Single Market: an absence of coordinated rules across Member States aimed at protecting their financial systems could be inconsistent with the functioning of the internal market and result in fragmentation. Given the cross-border nature of the terrorist threats, the scope of the proposed rules needs to be sufficiently aligned, coherent and consistent at Union level to be truly effective. In addition, lack of an effective AML/CFT framework in one Member State may be exploited by criminals and has consequences in another Member State. Therefore, it is important to have a harmonised framework at Union level, as massive flows of "illicit" money and terrorist financing can damage the stability and reputation of the financial sector.. Clearly drafted rules requiring enhanced transparency for a broad range of economic operators, including undertakings and business-type trusts, address more than theoretical disparities in the functioning of the internal market. The risk of an impaired functioning of the internal market is a concrete one: all Member States are directly impacted by increasing efforts on unprecedented scale by criminals and their associates to disguise the origin of criminal proceeds or to channel lawful or illicit money for terrorist purposes.

•Proportionality The proposed amendments are limited to what is necessary to achieve the objectives of tackling terrorist financing and increasing corporate transparency, and build on rules already in force, in line with the principle of proportionality. A detailed description of alternative measures that could be envisaged to attain the objectives of this proposal is given in the accompanying Impact Assessment. With special regard to the timely identification of holders of bank and payment accounts by FIUs, the most proportionate of several options has been retained: Member States remain free to set up either a central banking registry, or a retrieval system, whichever means best fits their own existing framework. Likewise, concerning the enhanced customer due diligence measures obliged entities have to apply in respect of high-risk third countries, of all valid options, the one that ensures a harmonised approach at Union level while fully implementing international commitments undertaken is considered the most proportionate. In respect of designing providers of exchange services between virtual currencies and fiat currencies as obliged entities, the proposed amendments respect the proportionality principle. In order to allow competent authorities to monitor suspicious transactions with virtual currencies, while preserving the innovative advances offered by such currencies, it is appropriate to define as obliged entities under the 4AMLD all gatekeepers that control access to virtual currencies, in particular exchange platforms and wallet providers. The proposed measure takes into account, on the one hand, the fragmentation of financial information, and, on the other, the lack of direct, swift access to this information by FIU's and AML/CFT competent authorities. Furthermore, information that will be available must be accurate (i.e. the information should be precise enough in order to avoid targeting the wrong person) and limited to what is necessary (proportionality) to enable FIUs and AML/CFT competent authorities to match all the bank and payment accounts with their corresponding accountholders, proxy holders, and beneficial owners. In respect of prepaid instruments, acknowledging that they present a clear social interest as they are used in certain Member States to pay social benefits, the principle of proportionality dictates that due account be taken of the needs of financially vulnerable persons. Thus, the measures proposed seek to promote financial inclusion, and such prepaid cards will still be able to function as a de facto substitute for a bank account. In addition, given that it is necessary to balance the legitimate request for anonymity of payments by individuals with the requirements of effectively monitoring suspicious transactions, and given latest market trends and figures that indicate the average amounts of non-suspicious transactions with anonymous prepaid instruments, it is appropriate and proportionate to reduce the thresholds set out in the 4AMLD for transactions for which customer due diligence is not performed Proportionality has also been ensured in respect of transparency regimes for information on the beneficial owner of legal entities (companies, trusts, similar legal arrangements). Thus, a comprehensive analysis of legitimate requests by activists and NGOs, the need to ensure enhanced transparency of business relationships, legal standards in the field and particularly all rules regarding protection of privacy and personal data dictate that there should be a clear distinction made between categories of legal entities engaged in the management of trusts as a business, with a view to gain profit, and other categories. It is legitimate and proportionate to grant public access to a limited set of information on the beneficial owners of the first category of legal entities, while, in respect of the second category, such beneficial ownership information should only be made known to persons and organisations demonstrating a legitimate interest. •Choice of the instrument The current proposal is an amendment of the 4AMLD and Directive 2009/101/EC and, therefore, it is a directive. No alternative means – legislative or operational – can be used to attain the objectives of this proposal, which is to improve the existing framework that enables the financial system to prevent the financing of terrorism and ensure Union-wide harmonised rules on corporate transparency. 3.RESULTS OF STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS •Stakeholder consultations The Commission has aimed to ensure a wide participation of stakeholders throughout the policy cycle of this initiative, through a series of targeted consultations (bilateral contacts, meetings with stakeholders and experts, written consultations). As concerns terrorist financing, consultations were held with: –Member States and representatives of their public authorities; –representatives of the European Parliament; –representatives of the payment services sector (card schemes, issuers of prepaid cards, a representative association); –relevant virtual currencies market players: exchange platforms, wallet providers, a representative group of virtual currency stakeholders; –stakeholders belonging to the banking and financial sector;

–Financial Intelligence Units (EU FIU Platform); –Europol; –consumer organisations; –the European Data Protection Supervisor. In order to collect data, the Commission has sent a number of questionnaires/surveys. In December 2015, Member States (FIUs and public authorities) were asked to explore the agreed problem areas relating to terrorism financing, to seek policy views and data. All Member States replied by 22 January 2016. The questionnaire covered: how national authorities collect data to detect and assess suspected terrorist activities and how this information is used; a mapping of the existence of centralised national bank and payment accounts registers, or other similar mechanisms, such as central data retrieval systems, and to what extent this information can be used by national authorities to detect terrorist financing; examining the market structure and any regulatory responses at national level for prepaid instruments and virtual currencies, and the extent to which these instruments have been used in terrorist financing; tackling financial flows coming from high-risk third countries via enhanced due diligence measures/countermeasures. With respect to amendments proposed in order to enhance transparency of financial transactions and of corporate entities, the proposed amendments have been drafted in line with the views expressed by Member States in the informal ECOFIN Council of 22 April 2016, while at the same time answering the requests formulated by representatives of the Member States' competent authorities during transposition seminars for the Directive 2014/107/EU on administrative cooperation. •Impact Assessment The Impact Assessment draws on relevant reports issued by Union and international organisations such as the European Banking Authority (EBA), the European Central Bank (ECB), Europol, the Bank for International Settlements (BIS), and the FATF. It also draws on data made available to the public by international media. It addresses the following issues: (1)Suspicious transactions involving high risk-third countries are not efficiently monitored due to unclear and uncoordinated customer due diligence requirements; (2)Suspicious transactions made through virtual currencies are not sufficiently monitored by the authorities, which are unable to link the transactions to identified persons; (3)Current measures to mitigate money laundering and terrorist financing risks associated with anonymous prepaid instruments are not sufficient; (4)FIUs have limitations in ensuring timely access to – and exchange of – information held by obliged entities; (5)FIUs lack access, or have delayed access, to information on the identity of holders of bank and payment accounts. Non-legislative options to address the issues identified have been evaluated. The Commission could (i) formulate 'best practices' to overcome the practical obstacles identified in a mapping exercise, which is currently being conducted within the FIU platform; (ii) formulate recommendations to Member States (on a 'comply or explain' basis) in order to mitigate money laundering and terrorist financing risks identified during the suprantional risk assessment that is currently being conducted; and (iii) deepen its engagement within international fora dealing with counter-terrorist financing in order to strengthen cooperation and exchange of information in this strategic field. The need to formulate specific regulatory provisions was retained as essential and the most appropriate option. In respect of improving the effectiveness of EU policy for high-risk third countries, three regulatory options were examined. The option retained is to modify the 4AMLD by providing a prescriptive list of enhanced customer due diligence measures to be applied by obliged entities, combined with an illustrative list of countermeasures that could be applied when dealing with high-risk third countries designated by the Commission. With regard to improving the detection of suspicious virtual currency transactions, six regulatory options were examined. The option retained consists of a combination of means, namely (i) bringing virtual currency exchange platforms and (ii) custodial wallet providers under the scope of the Directive, while (iii) allowing more time to consider options as regards a system of voluntary self-identification of virtual currency users. Insofar as reducing the misuse of anonymous prepaid is concerned, five regulatory options were examined. Here, the option retained consists of a combination of means, namely (i) the suppression of anonymity for the online use of reloadable and non-reloadable prepaid cards, and (ii) the reduction of the existing € 250 threshold for anonymous prepaid cards to € 150 when used face-to-face. In order to improve FIU access to – and exchange of – information held by obliged entities, two regulatory options were examined. The option retained is to further clarify the legal obligations on FIUs by aligning the text of the 4AMLD with the latest international standards on the powers that FIUs should have when requesting additional information from obliged entities.

To provide FIUs (and potentially other competent authorities active in the anti-money laundering/counter-terrorist financing field) with an efficient mechanism to ensure timely access to information on the identity of holders of bank and payment accounts, three regulatory options were examined. The option retained is to put in place an automated central mechanism – such as a central registry or an electronic data retrieval system – at Member State level, allowing for the swift identification of account holders. This mechanism would be directly accessible to national FIUs and potentially other competent authorities active in the field of anti-money laundering or counter-terrorist financing. A second part of the Impact Assessment was specifically drafted to deal with issues concerning lack of transparency and measures to remedy access to beneficial ownership information. A first issue addressed is the non-systematic monitoring of the existing beneficial owners of existing customers like trusts, other legal arrangements and legal entities such as foundations. This allows circumvention of existing EU transparency standards found in Directive 2011/16/EU on Administrative Cooperation and an opportunity to hide illicit money, and requires new rules to be laid down at Union level. A second issue assessed is the publicity and transparency of the beneficial ownership registers for legal entities. The 4AMLD already establishes obligations in respect of the identification of the beneficial owners of legal entities and legal arrangements, the storing of that information and differentiated levels of access to it. With a view to better record such information and enhance access to it, the Impact Assessment analysed options ranging from (i) keeping the current system in place to (ii) making the optional system in the 4AMLD mandatory and (iii) establishing public access to information. The option retained as the most appropriate from a costs, impacts and legitimacy perspective was that of requiring Member States to disclose via a register beneficial information for companies and business-type trusts and other similar legal arrangements, while retaining the necessity to demonstrate a legitimate interest for access to that information in respect of trusts and other legal arrangements that do not qualify as business-type. In addition, the Impact Assessment addresses the need to set in place a coherent, uniform scheme for the registration of the beneficial ownership information of all trusts set up in the Union. Thus, starting from a detailed analysis of the current situation and the problems encountered in practice with the application of the registration system set out by the 4AMLD, a number of options are analysed: (i) keeping the current system; (ii) registration in jurisdiction of the governing law and (iii) registration in jurisdiction of administration. Option (iii) is retained as the most beneficial and the clearest, and supporting arguments are indicated: least cumbersome option for Member States, the easiest to apply. •Fundamental rights Article 6(1) of the Treaty on European Union states that the Union recognises the rights, freedoms and principles set out in the Charter of Fundamental Rights. The proposed measures include legal provisions to adequately respond to risks relating to financial crime, the evolving terrorist threats and the need for increased transparency. These measures will help to address and reduce the risk of terrorist attacks. While these measures have as final objective the protection of the financial system, they aim to offer all guarantees in order to balance the need for increased security with the need to protect fundamental rights, including data protection, and economic freedoms. Fundamental rights enshrined in the Charter of particular significance to this proposal are the following: the right to private and family life (Article 7), the protection of personal data (Article 8) and the freedom to conduct a business (Article 16 of the Charter). Extending the scope of the 4AMLD to virtual currency exchange platforms was duly analysed from the perspective of the rights to private life and the protection of personal data. AML/CFT legislation requires obliged entities to know their customers – as well as certain other persons who are not always their customers (e.g. beneficial owners) – and to assess their associated money laundering and terrorist financing (ML/TF) risks. For that purpose, obliged entities need to collect, process and record personal data, and sometimes to share such data with public authorities (such as FIUs) or with private entities within the same group. These requirements have implications for private persons while having an overall security impact (general interest). The proposed amendments are formulated in a clear and proportionate manner, setting out the required safeguards, and the Commission considers this necessary in order to achieve the objectives of enhancing the effectiveness of the fight against ML/FT and complying with new international standards. In addition, positive effects for consumers are expected as a result of the proposed rules on designating virtual currency exchange platforms as obliged entities. Reducing anonymity surrounding virtual currencies will contribute to increasing trust of their good-faith users. Similarly, due account was taken of the need to respect the freedom to conduct a business, and while there will be an impact on market players becoming obliged entities and currently not performing any customer due diligence (CDD) on their customers, the ability to operate a virtual currency exchange platform is not affected by the proposed amendments. By lowering the thresholds foreseen by the 4AMLD in respect of due diligence performed for pre-paid instruments, it is ensured that EU legislation reflects current market practice for non-reloadable cards, while at the same time respecting the needs and legitimate interests of users of such cards. The identification and verification of identity of the cardholders would only be requested above the proposed threshold or when a card, reloadable or not, is used for shopping online. The reinforced rules on access to beneficial ownership information have been thoroughly analysed from the perspective of ensuring respect of Articles 7 and 8 of the Charter. The amendments proposed seek to ensure a proper balance between the need to ensure protection of privacy and of personal data and the need for more transparency in financial and economic activities. By granting public access to beneficial ownership information for entities engaged in economic activities, additional guarantees to third parties wishing to do business with these companies are set in place. This allows greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of business transactions and of the financial system. The set of data made available to the public is strictly limited and only concerns beneficial owners in their capacity as economic actors. The conditions under which access to information on beneficial ownership is granted are redefined, and clear access rules are established through an amendment to the 1st Company Law Directive (Directive 2009/101/EC), the Union legal act that lays down the rules on disclosure of company documents and the validity of obligations entered into by a company. With regard to trusts and other legal entities that qualify as business-type, the Directive relies on the concept of "legitimate interest" as a condition to access to beneficial ownership information. 4.BUDGETARY IMPLICATIONS The proposal does not have a budgetary impact for the Union budget. 5.OTHER ELEMENTS •Explanatory documents No explanatory documents on the transposition of the provisions of this proposal are considered necessary in addition to those already required from Member States by the provisions currently in force in both the 4AMLD and Directive 2009/101/EC. •Detailed explanation of the specific provisions of the proposal

The amendments to the 4AMLD target the following items: A. Designate virtual currency exchange platforms as obliged entities Currently, Article 2 of the 4AMLD defines the obliged entities that are within the scope of the Directive. The Commission proposes to amend Article 2, in order to add to the list of obliged entities virtual currency exchange platforms as well as custodian wallet providers. For legal certainty reasons, a definition of the term "virtual currency" is also proposed. Both at Union and international level, recent analysis has provided insights into the functioning of virtual currencies. A number of risks were highlighted especially in respect of providers of exchange services between virtual currencies and fiat currencies. Transactions with virtual currencies benefit from a higher degree of anonymity than classical financial fund transfers and therefore entail a risk that virtual currency may be used by terrorist organisations to conceal financial transfers. Possible further risks relate to the irreversibility of transactions, means of dealing with fraudulent operations, the opaque and technologically complex nature of the industry, and the lack of regulatory safeguards. Virtual currency transfers are currently not monitored in any way by public authorities within the EU, as no specific binding rules have been laid down, neither at Union level nor by the individual Member States, to set out conditions for such monitoring. To adequately respond to risks, it is essential to provide a regulatory framework for the functioning of exchanges as well as of custodian wallet providers that operate as gatekeepers permit the public to have access to the various schemes of virtual currencies As obliged entities under the 4AMLD, similarly to financial institutions, they become subject to the obligation to implement preventive measures and report suspicious transactions. The proposed measure has no negative effects on the benefits and technological advances presented by the distributed ledger technology underlying virtual currencies. The electronic distribution of digital cash offers potential efficiencies and, unlike physical cash, it brings with it a ledger of transactions that is absent from physical cash. This proposal takes due account of these advantages and acknowledges the fact that virtual currencies have highlighted innovative ways for governments to reduce fraud, corruption, error and the cost of paper-intensive processes. Similarly, the proposed measure is mindful of the fact that the virtual currency market has the potential to set in place new, modern ways in which governments and citizens interact, in terms of data sharing, transparency and trust, and can provide novel insights into establishing ownership and provenance for goods and intellectual property. From a data protection perspective, new obliged entities are designated, and they will have to process personal data (i.e. by performing customer due diligence). This new obligation established for public policy considerations is counter-balanced by the insertion of clear definitions of the obliged entities, who are informed of the new obligations they become subject to (collection and processing of financial personal data online) and the data protection elements that are specific to these obligations. B. Set lower maximum transaction limits for certain pre-paid instruments Under Article 12 of the 4AMLD, any Member State may allow obliged entities not to apply certain customer due diligence (CDD) measures with respect to electronic money, under certain conditions. Currently acknowledged terrorism financing risks posed by pre-paid cards are linked to CDD exempted general purpose (reloadable or non-reloadable) pre-paid cards that run on domestic or international schemes and to the ease of using those cards online. The Commission proposes to (i) lower (from 250 to 150 EUR) the thresholds in respect of non-reloadable pre-paid payment instruments to which such CDD measures apply and (ii) suppress the CDD exemption for online use of prepaid cards. This will better serve identification purposes and widen customer verification requirements. Limiting the anonymity of prepaid instruments will provide an incentive to use such instruments for legitimate purposes only, and will make them less attractive for terrorist and criminal purposes. At the same time, pre-paid cards will still be an accessible instrument. The Commission acknowledges that they carry a social value, help promote financial inclusion, and may be a useful instrument to buy goods and services online and as a substitute to bank accounts. The proposed measures are fully in line with rules already laid down by the 4AMLD in respect of pre-paid cards, and would not require additional obligations on the part of distributors of such instruments. C. Enable FIUs to request information on money laundering and terrorist financing from any obliged entity In line with commitments undertaken in the European Agenda on Security, the Commission proposes to amend Article 32 of the 4AMLD to facilitate FIUs cooperation, aligning rules for their access to information with the latest international standards. FIUs play an important role in identifying the financial operations of terrorist networks across borders and in detecting their financial backers. The latest international standards emphasise the importance of extending the scope of and the access to the information available to FIUs. That information is currently limited in certain Member States by the requirement that a prior suspicious transaction report has first been made by an obliged entity. FIUs should be able to obtain additional information from obliged entities, and should have access on a timely basis to the financial, administrative and law enforcement information they require to undertake their functions properly even without there having been a suspicious transaction report. The clarification of FIUs' mandate to request supplementary information from any obliged entity and have direct access to information held by obliged entities will ensure that the legislation in all Member States is aligned with international standards. This will better equip FIUs to collect the necessary information to assess suspicious transaction reports more efficiently and speed up detection of terrorist financing and money laundering activities. The task of further defining the conditions under which such requests for information may be made is left to the decision of the Member States. The Member States equally retain the right to adequately set out effective and proportional rules in respect of processing the information received. An FIU must respect rules governing the security and confidentiality of such information, including procedures for handling, storage, dissemination, and protection of as well as access to such information. D. Enable FIUs and competent authorities to identify holders of bank and payment accounts According to recital 57 of the 4AMLD, Member States are encouraged to put in place systems of banking registries or electronic data retrieval systems which would provide FIUs with access to information on bank accounts. Currently, such mechanisms are or have recently been put in place in a number of Member States. However, there exists no obligation at EU level to do so. As not all Member States have mechanisms in place allowing their FIUs to have timely access to information on the identity of holders of bank and payment accounts, some FIUs are hampered in the detection of criminal and terrorist financial flows at national level. Moreover, the FIUs concerned are also unable to exchange such information with their EU and non EU-counterparts, which complicates cross-border preventative action.

The Commission proposes to require Member States to set up automated centralised mechanisms enabling to swiftly identify holders of bank and payment accounts. This will allow Member States to choose between setting up (i) a central registry, containing the necessary data allowing for the identification of holders of bank and payment accounts, and granting their own national FIUs and AML/CFT competent authorities a full and swift access to the information kept in the registry, and (ii) other centralised mechanisms, such as central data retrieval systems, which allow the same objective to be met. FIUs and other AML/CFT authorities when fulfilling their obligations under this Directive must have efficient means to identify all bank and payment accounts belonging to one person through a centralised automated search query. This will lead to a faster detection - both nationally and internationally - of suspicious ML/TF transactions, and improve preventive action. This would allow Member States sufficient freedom in choosing the best means to attain the aim set out by the proposal. Where they set up a central mechanism, Member States will feed the mechanism with a harmonised set of minimum information, and, potentially, other information they consider necessary and proportionate for the prevention of money laundering and terrorist financing. They will further require the concerned financial institutions (or other entities) to periodically file or upload this information into the mechanism, and to define the technical and legal conditions for access to information by FIUs and AML/CFT competent authorities. At the same time, in order to respect privacy and protect personal data, such registries should store the minimum data necessary to the performance of AML/CFT investigations, the concerned data subjects should be informed that their data are recorded and accessible by FIUs and are given a contact point for exercising their rights of access and rectification. At national level, maximum retention periods (supported by adequate reasoning as to their duration) should be applicable to the registration of personal data in registries and provision should be made for their destruction once the information is no longer needed for the stated purpose. Access to such registries and databases should be limited on a "need to know" basis. E. Harmonise the EU approach towards high-risk third countries Article 18 of the Directive requires obliged entities to apply enhanced customer due diligence (ECDD measures) when dealing with natural or legal entities established in high risk third countries. Article 9 of the 4AMLD empowers the Commission to identify – by way of a delegated act - high-risk third countries that have deficient AML/CFT regimes in place, and therefore constitute an important risk for terrorist financing. That delegated act is to be adopted – and submitted to the scrutiny of the European Parliament and the Council – in July 2016. However, Member States are not at present required to include, in their national regimes, a specific list of ECDD measures and thus, heterogeneous implementation regimes of ECDD measures towards countries with deficiencies exist. Harmonisation of these measures will avoid or at the least limit the risk of forum-shopping based on how jurisdiction apply more stringent or less stringent regulations towards high-risk third countries. Therefore, the regulatory gaps that could be exploited for ML/TF activities are addressed. The ECDD proposed measures are fully compliant with the lists of such actions drawn up by the Financial Action Task Force ('FATF'). They will be considered as a minimum set of requirements to be applied by all Member States. The implementation of this complete set of ECDD will grant a more complete monitoring of the transaction as it will encompass checks on the customer, the purpose and nature of the business relationship, the source of funds, and the monitoring of the transactions. In addition, through the systematic approval of the senior management, the processing of the financial transaction will grant higher scrutiny. In the same vein, the list of countermeasures set out by FATF should be adequately reflected in Union legislation, and this proposal sets out a non-exhaustive list of mitigating measures Member States may decide to apply. F. Improve access to beneficial ownership information In Articles 30 and 31, the 4AMLD sets out rules on the collection, storing and access to information on the ultimate beneficial owner(s) of companies, trusts and other types of legal arrangements. Currently, those entities are required to hold accurate information on their beneficial ownership. The 4AMLD sets out a structured approach in respect to legal entities, differentiating between companies and trust and similar legal arrangements. The present proposal retains that structure. - Corporate and other legal entities Pursuant to Article 30 of the 4 AMLD, any person or organisation demonstrating a legitimate interest can access beneficial ownership information. In practice, complex ownership structures have been used to obscure links to criminal activities, tax obligations, the involvement of politically exposed persons and sanctioned individuals or jurisdictions. At the same time, differing approaches to transparency around ultimate beneficial owners also create challenges and confusion for companies, which need to dedicate significant resources to their own systems and controls, while investors, shareholders, and other stakeholders have to rely on publicly available and instantly accessible information about the control and ownership of listed companies. Understanding the beneficial ownership of companies is at the heart of the risk mitigation of financial crime and of prevention strategies for regulated firms. In addition, within the EU framework, this aspect is at the core of a nexus between the preventive regime in the 4AMLD and company law, namely the Directive 2009/101/EC, the Union legal act that lays down the rules on disclosure of company documents. The present proposal addresses this issue by means of an amendment to that Directive so that Member States will be required to ensure compulsory disclosure (public access) to a limited set of information on beneficial owners firms and legal entities engaging in profit-making activities as laid down in Article 54 TFEU. A good corporate governance infrastructure should combine transparency, accountability and integrity, and this includes knowledge of beneficial ownership.

The requirement to grant public access to beneficial ownership information is well founded as it will provide additional guarantees to third parties wishing to do business with those companies. The protection of minority investors and protection of stakeholders such as third parties wishing to do business with the entity or structure requires access to reliable information about the ownership, including the identity of the controlling owners, and control structures of companies and trusts alike. Public access also allows greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of business transactions and of the financial system. It can contribute to combating the misuse of legal entities and legal arrangements both by helping investigations and through reputational effects, given that anyone who could enter into transactions with them is aware of the identity of the beneficial owner(s). It also facilitates the timely and efficient availability of information for financial institutions as well as authorities, including authorities of third countries, involved in the fight against these offences. - Trusts and other legal arrangements The 4AMLD gives competent authorities and FIUs access in a timely manner to beneficial ownership of trusts and other legal arrangements. Obliged entities may have access to the information within the framework of customer due diligence. The beneficial ownership information concerns a wide range of legal arrangements: express trusts specific to common law, but also similar entities such as Treuhand, fiducies or fideicomiso,and all assimilated legal arrangements such as foundations. In addition, current rules require that, where a trust generates tax consequences, a Member State must have in place a register containing the beneficial ownership information. Many of these trusts and similar legal arrangements are involved in commercial or business-like activities with a view to making profit, just like regular companies. Therefore, the same arguments in favour of public access to beneficial ownership information regarding this particular type of trusts remain valid. The regime set in place at Union level in respect of access to information must be coherent and ensure public access to beneficial information of this category of legal entities. At the same time, trusts and similar legal arrangements may also be set up for other purposes: preserving and setting conditions on use of family assets, charitable aims, or other purposes beneficial to the community. Such trusts and similar legal arrangements that do not qualify as business-type benefit from a different regime concerning privacy. The essential data on beneficial owners of such entities shall only be granted to persons or organisations holding a legitimate interest. The criteria for demonstrating legitimate interest are also clarified, by means of a recital. The approach proposed takes into account the particularities of trusts and similar legal arrangements. This way, irrespective of their qualification under national law, a distinction is drawn between, on the one hand, trusts which consist of any property held by or on behalf of a person carrying on a business which consists of or includes the management of trusts, and acting as trustee of a trust in the course of that business with a view to gain profit, and, on the other hand, any other trusts. Additional elements i) Corporate structures registered According to Article 3(6)(a) of the 4AMLD, a criterion to identify the beneficial owner of corporate entities is a threshold for shareholding of 25% plus one share or an ownership interest of more than 25%. The Commission proposes to lower to 10% the threshold set out in the 4AMLD in respect of certain limited types of entities which present a specific risk of being used for money laundering and tax evasion. For intermediary entities that do not have any economic activity and only serve to distance the beneficial owners from the assets, the 25% threshold is fairly easy to circumvent. Establishing a lower threshold where there is a specific risk will limit the scope of entities on which the obliged entities would need to collect additional information to those where the risk of use for illicit purposes is high. Accordingly, this enables the better detection of beneficial owner(s) with particular focus on entities that function as intermediary structures, do not create income on their own, but mostly channel income from other sources (defined as Passive Non-Financial Entities under Directive 2011/16/EU). ii) Existing customers Under Article 14(5) of the 4AMLD, a settlor of a trust is identified once customer due diligence is undertaken. The Commission proposes to request a systematic monitoring of beneficial owners of existing customers like trusts, other legal arrangements and legal entities such as foundations.

The potential source of funds/assets, where the risk of money laundering usually lies, cannot be assessed reliably until such a systematic review is performed. The lack of systematic monitoring does not allow detecting and assessing risks on time in certain cases. By applying customer due diligence to targeted existing customers, assessing the risk of money laundering and terrorism financing on time and reacting to it may be hindered by a lack of updated information on customers thus creating an opportunity to hide illicit money. In addition to the 4AMLD, other Union law rules are relevant in this regard and must be taken into account. The scope of beneficial ownership information under 4AMLD directly affects the reporting regime under Directive 2011/16/EU. The latter requires financial institutions to obtain a self-certification with respect to the beneficial owners of Passive Non-Financial Entities that hold pre-existing accounts with a balance over 1 million USD, as established in line with the Common Reporting Standard (‘CRS’) developed in the context of the Organisation for Economic Co-operation and Development (OECD). Building on this obligation imposed on the financial institution to contact the passive non-financial entity, synergies can be obtained by using this contact to update the beneficial ownership information in accordance with the latest standard of knowledge. iii) Place of monitoring and registration of trusts Under Article 31 of the 4AMLD, Member States must require that trusts "governed under their law" obtain and hold adequate, accurate and up-to-date information in particular on the trustee. The same article requires Member States to put in place, at national level, centralised registers of beneficial owners of trusts “which generate tax consequences”. The Commission proposes to clarify that the Member State which is concerned by these obligations is the one where a trust is administered. The current criteria relating to "governing law" and "generating tax consequences" are not understood consistently and should be clarified. In particular, it might be considered, based on the current text of Article 31 that, as long as a Member State does not recognise trusts under its law, that Member State is not subject to any obligation of monitoring and registration of trusts administered on its territory. This risks creating gaps in registration and is not in line with the objectives of the transparency requirements of the Directive. Moreover, the limitation of the registration requirement only to trusts which generate tax consequences is not fully consistent with the more encompassing obligation under the Directive to identify all types of trusts before entering into a business relationship. The provision of the current Directive is also inconsistent in the sense that the current registration requirement exempts from registration trusts that, due to lack of harmonisation of the tax systems, fall outside the scope of the taxation rules of Member States (e.g. due to having no tax residence anywhere). Such trusts not only do not pay taxes, but would also not be registered anywhere. The Commission's proposal is consistent with FATF Guidance on Transparency and Beneficial Ownership. iv) Interconnection of national registers The 4AMLD stresses the need to ensure a safe and efficient interconnection of national beneficial ownership registers. The Commission is tasked to draw up a report by June 2019 to assess the conditions and technical specifications and procedure for ensuring the interconnection. It is of the utmost importance to urgently address the risks that may be presented by cross-border misuse of legal entities and legal arrangements. As such, the Commission proposes to set up a direct interconnection of those registers. The interconnection will allow competent authorities, FIUs and obliged entities to identify the beneficial owners in an easiest and efficient way, and it will increase the transparency requirements on companies and trusts. It will also allow the public to access EU-wide the beneficial ownership information. In sum, the new approach to corporate transparency and access to beneficial ownership information addresses all the aspects that currently make up the scheme of beneficial ownership information: what is registered (entities for which information is registered), where registration must take place (which Member State is responsible for registration of a given entity), who is granted access to information (clearer access to information on beneficial ownership), how national registers should inter-relate. G. Clarify a number of existing provisions (i) Concept of competent authorities Despite being referenced throughout the text of the Directive, the term "competent authorities" is not always clear. This has led to divergent interpretations throughout the Union. This proposal includes a recital clarifying this matter. (ii) Exclusion of closed loop cards Closed loop cards are prepaid cards which can be used to acquire goods or services only in the premises of the issuer or within a limited network of service providers under direct commercial agreement with a professional issuer, or which can be used only to acquire a very limited range of goods or services. Taking into account the very limited money laundering and terrorist financing risks linked to closed loop cards, they are out of the scope of the definition of e-money for the purposes of the 4AMLD, which is consistent with the approach in Directive 2009/110/EC. (iii) Full consistency with provisions on electronic identification

One of the objectives of the 4AMLD is to properly identify and verify parties (whether natural or legal persons) to a transaction and/or a payment. Therefore, electronic identification and trust services (governed by the eIDAS Regulation) are relevant when opening bank accounts or accessing funds and/or tracing electronic transactions. Currently, the eIDAS framework is one of the cornerstones of the Digital Single Market covering all elements of an electronic identification and authentication. The 4AMLD should be updated to take account of the new legal framework on the mutual recognition of notified eID schemes and means, clearly making reference to technical means set out in the eIDAS Regulation and eliminating any potential incompatibilities. As such, references to electronic means of identifications set out by the eIDAS Regulation must be included in Article 13(1), Article 27(2), Article 40(1)(a) and (b) as well as in Annex III to the 4AMLD. Copies of original documents as well as electronic assertions, attestations or credentials should be recognised as valid means of identity proof under the 4AMLD.



2016/0208 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC (Text with EEA relevance) THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION, Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 50 and 114 thereof, Having regard to the proposal from the European Commission, After transmission of the draft legislative act to the national parliaments, Having regard to the opinion of the European Central Bank, Having regard to the opinion of the European Economic and Social Committee, Acting in accordance with the ordinary legislative procedure, Whereas: (1)Directive (EU) 2015/849 of the European Parliament and the Council constitutes the main legal instrument in the prevention of the use of the Union's financial system for the purposes of money laundering and terrorist financing. That Directive, which is to be transposed by 26 June 2017, sets out a comprehensive framework to address the collection of money or property for terrorist purposes by requiring Member States to identify, understand and mitigate risks related to money laundering and terrorist financing. (2)Recent terrorist attacks have brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations. Certain modern technology services are becoming more and more popular as alternative financial systems and remain outside the scope of Union legislation or benefit from exemptions that may no longer be justified. In order to keep pace with evolving trends, further measures to improve the existing preventive framework should be taken. (3)While the aims of Directive (EU) 2015/849 should be pursued, any amendments to that Directive should be consistent with the Union's ongoing action in the field of countering terrorism and terrorism financing. The European Agenda on Security indicated the need for measures to address terrorist financing in a more effective and comprehensive manner, highlighting that infiltration of financial markets allows terrorism financing. The European Council conclusions of 17-18 December 2015 also stressed the need to take rapidly further action against terrorist finance in all domains.

(4)The Commission has adopted an Action Plan to further step up the fight against the financing of terrorism which underscores the need to adapt to new threats and to amend Directive (EU) 2015/849 to that effect. (5)Union measures must also accurately reflect developments and commitments undertaken at international level. UN Security Council Resolution 2199 (2015) urges States to prevent terrorist groups from gaining access to international financial institutions. (6)Providers of exchange services between virtual currencies and fiat currencies (that is to say currencies declared to be legal tender) as well as custodian wallet providers for virtual currencies are under no obligation to identify suspicious activity. Terrorist groups are thus able to transfer money into the Union's financial system or within virtual currency networks by concealing transfers or by benefiting from a certain degree of anonymity on those platforms. It is therefore essential to extend the scope of Directive (EU) 2015/849 so as to include virtual currency exchange platforms and custodian wallet providers. Competent authorities should be able to monitor the use of virtual currencies. This would provide a balanced and proportional approach, safeguarding technical advances and the high degree of transparency attained in the field of alternative finance and social entrepreneurship. (7)The credibility of virtual currencies will not rise if they are used for criminal purposes. In this context, anonymity will become more a hindrance than an asset for virtual currencies taking up and their potential benefits to spread. The inclusion of virtual exchange platforms and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without exchange platforms or custodian wallet providers. To combat the risks related to the anonymity, national Financial Intelligence Units (FIUs) should be able to associate virtual currency addresses to the identity of the owner of virtual currencies. In addition, the possibility to allow users to self-declare to designated authorities on a voluntary basis should be further assessed. (8)Local currencies (also known as complementary currencies) that are used in very limited networks such as a city or a region and among a small number of users should not be considered as virtual currencies. (9)When dealing with natural persons or legal entities established in high-risk third countries, Member States must require obliged entities to apply enhanced customer due diligence measures to manage and mitigate risks. Each Member State therefore determines at national level the type of enhanced due diligence measures to be taken towards high-risk third countries. Those different approaches between Member States create weak spots on the management of business relationships involving high risk third countries identified by the Commission. Those gaps can be exploited by terrorists to channel funds in and out the Union financial system. It is important to improve the effectiveness of the list of high-risk third countries established by the Commission by providing for a harmonised treatment of those countries at Union level. This harmonised approach should primarily focus on enhanced customer due diligence measures. Nevertheless, Member States and obliged entities should be allowed to apply additional mitigating measures in addition to enhanced customer due diligence measures, in accordance with international obligations. International organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing may call to apply appropriate counters measures to protect the international financial system from the on-going and substantial money laundering and terrorist financing risks emanating from countries. Member States should enact and apply additional mitigating measures regarding high risk third countries identified by the Commission by taking into account calls for countermeasures such as those expressed by the Financial Action Task Force (FATF). (10)Given the evolving nature of ML/TF threats and vulnerabilities, the Union should adopt an integrated approach on the compliance of national AML/CFT regimes with the requirements at Union level, by taking into consideration an effectiveness assessment of those national regimes. For the purpose of monitoring the correct transposition of the Union requirements in the national regimes, their effective implementation and their capacity to accomplish a strong preventive regime in the field, the Commission should base its assessment on the national risk regimes, which shall be without be without prejudice to those conducted by international organisations and standards setters with competence in the field of preventing money laundering and combating terrorist financing, such as the FATF or Committee of Experts on the Evaluation of Anti-Money Laundering Measures (MONEYVAL). (11)General purpose prepaid cards have legitimate uses and constitute an instrument contributing to financial inclusion. However, anonymous prepaid cards are easy to use in financing terrorist attacks and logistics. It is therefore essential to deny terrorist this means of financing their operations, by further reducing the limits and maximum amounts under which obliged entities are allowed not to apply certain customer due diligence measures provided by Directive (EU) 2015/849. Thus, while having due regard to consumers' needs in using general purpose prepaid instruments and not preventing the use of such instruments for promoting social and financial inclusion, it is essential to lower the existing thresholds for general purpose anonymous prepaid cards and suppress the customer due diligence exemption for their online use. (12)While the use of anonymous prepaid cards issued in the Union is essentially limited to the Union territory only, that is not always the case with similar cards issued in third countries. It is therefore important to ensure that anonymous prepaid cards issued outside the Union can be used in the Union only where they can be considered to comply with requirements equivalent to those set out in Union legislation. The rule should be enacted in full compliance with Union obligations in respect of international trade, especially the provisions of the General Agreement on Trade in Services. (13)FIUs play an important role in identifying the financial operations of terrorist networks, especially across borders, and in detecting their financial backers. Due to a lack of prescriptive international standards, FIUs maintain significant differences as regards their functions, competences and powers. Those differences should however not affect an FIU's activity, particularly its capacity to develop preventive analyses in support of all the authorities in charge of intelligence, investigative and judicial activities, and international cooperation. FIUs should have access to information and be able to exchange it without impediments, including through appropriate cooperation with law enforcement authorities. In all cases of suspected criminality and, in particular, in cases involving terrorism financing, information should flow directly and quickly without undue delays. It is therefore essential to further enhance FIUs' effectiveness and efficiency, by clarifying the powers of and cooperation between FIUs. (14)FIUs should be able to obtain from any obliged entity all the necessary information relating to their functions. Unfettered access to information is essential to ensure that flows of money can be properly traced and illicit networks and flows detected at an early stage. When FIUs need to obtain additional information from obliged entities based on a suspicion of money laundering, such suspicion may be triggered by a prior suspicious transaction report reported to the FIU, but also through other means such as FIU's own analysis, intelligence provided by competent authorities or information held by another FIU. FIUs should therefore be able to obtain information from any obliged entity, even without a prior report being made by the individual obliged entity. A FIU should also be able to obtain such information on a request made by another Union FIU and to exchange the information with the requesting FIU. (15)Delayed access to information by FIUs and other competent authorities on the identity of holders of bank and payment accounts hampers the detection of transfers of funds relating to terrorism. National data allowing the identification of bank and payments accounts belonging to one person is fragmented and therefore not accessible to FIUs and other competent authorities in a timely manner. It is therefore essential to establish centralised automated mechanisms, such as a register or data retrieval system in all Member States as an efficient means to get timely access to information on the identity of holders of bank and payment accounts, their proxy holders, and their beneficial owners. (16)In order to respect privacy and protect personal data, such registries should store the minimum data necessary to the performance of AML investigations. The concerned data subjects should be informed that their data are recorded and accessible by FIUs and should be given a contact point for exercising their rights of access and rectification. When transposing these provisions, Member States should set out maximum retention periods (supported by adequate reasoning as to their duration) for the registration of personal data in registries and provide for their destruction once the information is no longer needed for the stated purpose. Access to the registries and databases should be limited on a need to know basis. (17)Accurate identification and verification of data of natural and legal persons is essential for fighting money laundering or terrorist financing. Latest technical developments in the digitalisation of transactions and payments enable a secure remote or electronic identification. Those means of identification as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council should be taken into account, in particular with regard to notified electronic identification schemes and means that offer high level secure tools and provide a benchmark against which assessing the identification methods set up at national level may be checked. Therefore, it is essential to recognise secure electronic copies of original documents as well as electronic assertions, attestations or credentials as valid means of identity. (18)The beneficial ownership threshold set out in Article 3(6)(a) of Directive (EU) 2015/849 does not distinguish between genuine commercial corporate entities and those that have no active business and are mostly used as an intermediary structure between the assets or income and the ultimate beneficial owner. For the latter, the set threshold is easily circumvented, leading to no identification of the natural persons who ultimately own or control the legal entity. In order to better clarify beneficial ownership information as regards intermediary structures that adopt a corporate form, it is necessary to establish a specific threshold from which indication of ownership is inferred. (19)The approach for the review of existing customers in the current framework relies on a risk-based approach. However, given the higher risk for money laundering, terrorist financing and associated predicate offenses associated with some intermediary structures, that approach may not allow the timely detection and assessment of risks. It is therefore important to ensure that certain clearly specified categories of already existing customers are also monitored on a methodical basis. (20)Member States are currently required to ensure that legal entities incorporated within their territory obtain and hold adequate, accurate and current information on their beneficial ownership. The need for accurate and up-to-date information on the beneficial owner is a key factor in tracing criminals who might otherwise be able to hide their identity behind a corporate structure. The globally interconnected financial system makes it simple to hide and move funds around the world, and money launderers and terrorist financers as well as other criminals have increasingly made use of that possibility. (21)The specific factor determining the Member State responsible for the monitoring and registration of beneficial ownership information of trusts and similar legal arrangements should be clarified. In order to avoid that, due to differences in the legal systems of Member States, certain trusts are not monitored or registered anywhere in the Union, all trusts and similar legal arrangements should be registered where they are administered. In order to ensure the effective monitoring and registration of information on the beneficial ownership of trusts, cooperation among Member States is also necessary. (22)Public access by way of compulsory disclosure of certain information on the beneficial ownership of companies provides additional guarantees to third parties wishing to do business with those companies. Certain Member States have taken steps or announced their intention to make information contained in registers of beneficial ownership available to the public. The fact that not all Member States would make information publicly available or differences in the information made available and its accessibility may lead to different levels of protection of third parties in the Union. In a well-functioning internal market, there is a need for coordination to avoid distortions. (23)Public access also allows greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of business transactions and of the financial system. It can contribute to combating the misuse of legal entities and legal arrangements both by helping investigations and through reputational effects, given that anyone who could enter into transactions with them is aware of the identity of the beneficial owners. It also facilitates the timely and efficient availability of information for financial institutions as well as authorities, including authorities of third countries, involved in the fight against these offences.

(24)Confidence in financial markets from investors and the general public depends in large part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of companies. This is particularly true for corporate governance systems that are characterized by concentrated ownership, such as the one in the Union. On the one hand, large investors with significant voting and cash-flow rights may encourage long-term growth and firm performance. On the other hand, however, controlling beneficial owners with large voting blocks may have incentives to divert corporate assets and opportunities for personal gain at the expense of minority investors. (25)Member States should therefore allow access to beneficial ownership information in a sufficiently coherent and coordinated way, through the central registers in which beneficial ownership information is set out, by establishing a clear rule of public access, so that third parties are able to ascertain, throughout the Union, who are the beneficial owners of companies. It is therefore necessary to amend Directive 2009/101/EC of the European Parliament and the Council in order to harmonise the national provisions on disclosure of information on the beneficial ownership of companies, particularly for the purpose of protecting the interests of third parties. (26)A fair balance should be sought in particular between the general public interest in corporate transparency and in the prevention of money laundering and the data subjects' fundamental rights. The set of data to be made available to the public should be limited, clearly and exhaustively defined, and should be of a general nature, so as to minimize the potential prejudice to the beneficial owners. At the same time, information made accessible to the public should not significantly differ from the data currently collected. In order to limit the interference with the right to respect for their private life in general and to protection of their personal data in particular, that that information should relate essentially to the status of beneficial owners of businesses and trusts, and should strictly concern the sphere of economic activity in which the beneficial owners operate. (27)The disclosure of beneficial ownership information should be designed to give governments and regulators the opportunity to respond quickly to alternative investment techniques, such as cash-settled equity derivatives. On the other hand, legitimate majority shareholding should not be deterred from taking an active role in monitoring management in listed companies. For the functioning of financial markets that have become increasingly internationally-oriented and complex, it is essential that legal rules and requirements that enable information sharing on an international level be available and effectively implemented by national supervisory authorities. (28)The personal data of beneficial owners should be publicly disclosed in order to enable third parties and civil society at large to know who the beneficial owners are. The enhanced public scrutiny will contribute preventing the misuse of legal entities and legal arrangements, including tax avoidance. Therefore, it is essential that this information remains publicly available through the national registers and through the system of interconnection of registers for 10 years after the company has been struck off from the register. However, Member States should be able to provide by law for the processing of the information on beneficial ownership, including personal data for other purposes if such processing meets an objective of public interest and constitutes a necessary and proportionate measure in a democratic society to the legitimate aim pursued. (29)Moreover, with the same aim of ensuring a proportionate and balanced approach and to guarantee the rights to private life and personal data protection, Member States should provide for exemptions to the disclosure of and to the access to beneficial ownership information in the registers, in exceptional circumstances, where the information would expose the beneficial owner to the risk of fraud, kidnapping, blackmail, violence or intimidation. (30)Directive 95/46/EC of the European Parliament and of the Council , which will be replaced by Regulation (EU) 2016/679 of the European Parliament and of the Council, applies to the processing of personal data under this Directive. (31)As a consequence, natural persons whose personal data are held in the national registers as beneficial ownership information should be informed of the publication of their personal data before that publication takes place. Furthermore, only the personal data that is up to date and corresponds to the actual beneficial owners should be made available and the beneficiaries should be informed about their rights under the current Union legal data protection framework, as set out in Regulation (EU) 2016/679 and Directive (EU) 2016/680, and the procedures applicable for exercising these rights. (32)This Directive is without prejudice to the protection of personal data processed by competent authorities in accordance with Council Framework Decision 2008/977/JHA, which will be replaced by Directive (EU) 2016/680 of the European Parliament and of the Council. (33)Currently, companies and similar legal entities active in the Union are under an obligation to register their beneficial ownership information, whereas the same obligation does not apply to all trusts and other legal arrangements which present similar characteristics such as Treuhand, fiducies or fideicomiso set up in the Union. With a view to ensure that the beneficial owners of all legal entities and legal arrangements operating in the Union are properly identified and monitored under a coherent and equivalent set of conditions, rules regarding the registration of the beneficial ownership information of trusts by their trustees should be consistent with those in place in respect of the registration of beneficial ownership information of companies. (34)It is essential to take into account the particularities of trusts and similar legal arrangements, as far as publicly available information on their beneficial owner is concerned. Irrespective of their qualification under national law, a distinction should be drawn between, on the one hand, trusts which consist of any property held by or on behalf of a person carrying on a business which consists of or includes the management of trusts, and acting as trustee of a trust in the course of that business with a view to gain profit, and, on the other hand, any other trusts. Given the nature of the first category of trusts, information on their beneficial owners should be made publicly available through compulsory disclosure. Access should be given to the same limited set of data on the beneficial owner as in the case of companies. (35)In order to ensure proportionality, the beneficial ownership information in respect of any other trusts than those which consist of any property held by, or on behalf of, a person carrying on a business which consists of or includes the management of trusts, and acting as trustee of a trust in the course of that business with a view to gain profit should only be available to parties holding a legitimate interest. The legitimate interest with respect to money laundering, terrorist financing and the associated predicate offences should be justified by readily available means, such as statutes or mission statement of non-governmental organisations, or on the basis of demonstrated previous activities relevant to the fight against money laundering and terrorist financing or associated predicate offences, or a proven track record of surveys or actions in that field. (36)With a view to ensure a coherent and efficient registration and information exchange, Member States should ensure that their authority in charge of the register set up for the beneficial ownership information of trusts cooperates with its counterparts in other Member States, sharing information concerning trusts governed by the law of the first Member State and administered in another Member State. (37)It is important to ensure that anti-money laundering and terrorist financing rules are correctly implemented by obliged entities. In that context, Member States should strengthen the role of public authorities acting as competent authorities with designated responsibilities for combating money laundering or terrorist financing, including the FIUs, the authorities that have the function of investigating or prosecuting money laundering, associated predicate offences and terrorist financing, and seizing or freezing and confiscating criminal assets, as well as anti-corruption authorities, tax authorities, authorities receiving reports on cross-border transportation of currency and bearer-negotiable instruments and authorities that have supervisory or monitoring responsibilities aimed at ensuring compliance by obliged entities. (38)In accordance with the Joint Political Declaration of 28 September 2011 of Member States and the Commission on explanatory documents, Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified. (39)Since the objective of this Directive, namely the protection of the financial system by means of prevention, detection and investigation of money laundering and terrorist financing, cannot be sufficiently achieved by the Member States, as individual measures adopted by Member States to protect their financial systems could be inconsistent with the functioning of the internal market and with the prescriptions of the rule of law and Union public policy, but can rather, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective. (40)This Directive respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7 of the Charter), the right to the protection of personal data (Article 8 of the Charter), the freedom to conduct a business (Article 16 of the Charter). (41)Given the need to urgently implement measures adopted with a view to strengthen the Union's regime set in place for the prevention of money laundering and terrorism financing, and seeing the commitments undertaken by Member States to quickly proceed with the transposition of Directive (EU) 2015/849, this Directive should be transposed by 1 January 2017. For the same reasons, the amendments to Directive (EU) 2015/849 and Directive 2009/101/EC should also be transposed by 1 January 2017. (42)The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council [and delivered an opinion on …], (43)Directives (EU) 2015/849 and 2009/101/EC should therefore be amended accordingly,

HAVE ADOPTED THIS DIRECTIVE: Article 1 Amendments to Directive (EU) 2015/849 Directive (EU) 2015/849 is amended as follows: (1)in point (3) of Article 2(1), the following points (g) and (h) are added: "(g) providers engaged primarily and professionally in exchange services between virtual currencies and fiat currencies; (h) wallet providers offering custodial services of credentials necessary to access virtual currencies."; (2)Article 3 is amended as follows: (a) in point (6)(a)(i), the following subparagraph is added: "For the purposes of Article 13(1)(b) and Article 30 of this Directive, the indication of ownership or control set out in the second paragraph is reduced to 10% whenever the legal entity is a Passive Non-Financial Entity as defined in Directive 2011/16/EU."; (b) point (16) is replaced by the following: "(16) 'electronic money' means electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC, but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;" ; (c) the following point (18) is added: "(18) 'virtual currencies' means a digital representation of value that is neither issued by a central bank or a public authority, nor necessarily attached to a fiat currency, but is accepted by natural or legal persons as a means of payment and can be transferred, stored or traded electronically."; (3)Article 12 is amended as follows: (a) paragraph 1 is amended as follows: (i) in the first subparagraph, points (a) and (b) are replaced by the following: "(a) the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150 which can be used only in that Member State; (b) the maximum amount stored electronically does not exceed EUR 150;";

(ii) the second subparagraph is deleted; (b) paragraph 2 is replaced by the following: "2. Member States shall ensure that the derogation provided for in paragraph 1 is not applicable in the case either of online payment or of redemption in cash or cash withdrawal of the monetary value of the electronic money where the amount redeemed exceeds EUR 50."; (c) the following paragraph 3 is added: "3 Member States shall ensure that Union credit institutions and financial institutions acting as acquirers only accept payments carried out with prepaid cards issued in third countries where such cards meet requirements equivalent to those set out in points (a), (b), (c) of the first subparagraph of Article 13(1) and Article 14, or can be considered to meet the requirements in paragraphs 1 and 2 of this Article."; (4) in Article 13(1), point (a) is replaced by the following: "(a) identifying the customer and verifying the customer's identity on the basis of documents, data or information obtained from a reliable and independent source, including, where available, electronic identification means as set out in Regulation (EU) No 910/2014*; _________________________________________________________________ * Regulation (EU) No 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73)." (5)in Article 14, paragraph 5 is replaced by the following: "5. Member States shall require that obliged entities apply the customer due diligence measures not only to all new customers but also at appropriate times to existing customers on a risk-sensitive basis, or when the relevant circumstances of a customer change, or when the obliged entity has a duty in the course of the relevant calendar year, to contact the customer for the purpose of reviewing any information related to the beneficial owner(s), in particular under Directive 2011/16/EU."; (6)in Article 18 (1), the first subparagraph is replaced by the following: "In the cases referred to in Articles 19 to 24, as well as in other cases of higher risk that are identified by Member States or obliged entities, Member States shall require obliged entities to apply enhanced customer due diligence measures to manage and mitigate those risks appropriately."; (7)The following Article 18a is inserted: "Article 18a

1. With respect to transactions involving high risk third countries, Member States shall require that, when dealing with natural persons or legal entities established in the third countries identified as high-risk third countries pursuant to Article 9 (2), obliged entities shall apply at least all the following enhanced customer due diligence measures: (a)obtaining additional information on the customer; (b)obtaining addition information on the intended nature of the business relationship; (c)obtaining information on the source of funds or source of wealth of the customer; (d)obtaining information on the reasons for the intended or performed transactions; (e)obtaining the approval of senior management for establishing or continuing the business relationship; (f)conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination; (g)requiring the first payment to be carried out through an account in the customer's name with a bank subject to similar CDD standards. 2. In addition to the measures provided in paragraph 1 and in compliance with international obligations of the Union, Member States may require obliged entities, when dealing with natural persons or legal entities established in the third countries identified as high-risk third countries pursuant to Article 9(2) to apply one or several additional mitigating measures: (a) requiring financial institutions to apply additional elements of enhanced due diligence; (b) introducing enhanced relevant reporting mechanisms or systematic reporting of financial transactions; (c) limiting business relationships or financial transactions with natural persons or legal entities from the identified country. 3. In addition to the measures provided in paragraph 1, Member States may apply one of the following measures to third countries identified as high-risk third countries pursuant to Article 9(2) in compliance with international obligations of the Union: (a) refusing the establishment of subsidiaries or branches or representative offices of financial institutions from the country concerned, or otherwise taking into account the fact that the relevant financial institution is from a country that does not have adequate AML/CFT systems; (b) prohibiting financial institutions from establishing branches or representative offices in the country concerned, or otherwise taking into account the fact that the relevant branch or representative office would be in a country that does not have adequate AML/CFT systems; (c) prohibiting financial institutions from relying on third parties located in the country concerned to conduct elements of the customer due diligence process; (d) requiring financial institutions to review and amend, or if necessary terminate, correspondent relationships with financial institutions in the country concerned; (e) requiring increased supervisory examination or external audit requirements for branches and subsidiaries of financial institutions based in the country concerned; (f) requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the country concerned. 4. When enacting or applying the measures set out in paragraphs 2 and 3, Member States shall take into account, as appropriate relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the field of preventing money laundering and combatting terrorist financing, in relation to the risks posed by individual third countries.

5. Member States shall notify the Commission before enacting or applying the measures set out in paragraphs 2 and 3."; (8)in Article 27, paragraph 2 is replaced by the following: "2. Member States shall ensure that obliged entities to which the customer is referred take adequate steps to ensure that the third party provides immediately, upon request, relevant copies of identification and verification data, including, where available, data obtained through electronic identification means as set out in Regulation (EU) No 910/2014, and other relevant documentation on the identity of the customer or the beneficial owner."; (9)Article 30 is amended as follows: (a) in paragraph 5, point (c) of the first subparagraph and the second subparagraph are deleted; (b) paragraph 6 is replaced by the following: "6. The central register referred to in paragraph 3 shall ensure timely and unrestricted access by competent authorities and FIUs to all information held in the central register without any restriction and without alerting the entity concerned. It shall also allow timely access by obliged entities when taking customer due diligence measures in accordance with Chapter II. Competent authorities granted access to the central register referred to in paragraph 3 shall be those public authorities with designated responsibilities for combating money laundering or terrorist financing, including tax authorities and authorities that have the function of investigating or prosecuting money laundering, associated predicate offences and terrorist financing, tracing and seizing or freezing and confiscating criminal assets."; (c) paragraphs 9 and 10 are replaced by the following: "9. In exceptional circumstances to be laid down in national law, where the access referred to in point (b) of paragraph 5 would expose the beneficial owner to the risk of fraud, kidnapping, blackmail, violence or intimidation, or where the beneficial owner is a minor or otherwise incapable, Member States may provide for an exemption from such access to all or part of the information on the beneficial ownership on a case-by-case basis. Exemptions granted pursuant to this paragraph shall not apply to credit institutions and financial institutions, and to the obliged entities as referred to in point (3)(b) of Article 2(1) that are public officials. 10. Member States shall ensure that the central registers referred to in paragraph 3 of this Article are interconnected via the European Central Platform established by Article 4a(1) of Directive 2009/101/EC. The connection of the Member States' central registers to the platform shall be set up in accordance with the technical specifications and procedures established by implementing acts adopted by the Commission in accordance with Article 4c of Directive 2009/101/EC. Member States shall ensure that the information referred to in paragraph 1 of this Article is available through the system of interconnection of registers established by Article 4a(2) of Directive 2009/101/EC, in accordance with Member States' national laws implementing paragraph 5 of this Article. Member States shall cooperate among themselves and with the Commission in order to implement the different types of access in accordance with paragraph 5."; (10)Article 31 is amended as follows: (a) paragraph 1 is replaced by the following: "1. Member States shall ensure that this Article applies to trusts and other types of legal arrangements having a structure or functions similar to trusts, such as, inter alia, fiducie, Treuhand or fideicomiso. Each Member State shall require that trustees of any express trust administered in that Member State obtain and hold adequate, accurate and up-to-date information on beneficial ownership regarding the trust. That information shall include the identity of:

(a) the settlor; (b) the trustee; (c) the protector (if any); (d) the beneficiaries or class of beneficiaries; (e) any other natural person exercising effective control of the trust."; (b) the following paragraph 3a is inserted: "3a. The information referred to in paragraph 1 shall be held in a central register set up by the Member State where the trust is administered."; (c) paragraph 4 is replaced by the following: "4. Member States shall ensure that the information held in the register referred to in paragraph 3a is accessible in a timely and unrestricted manner by competent authorities and FIUs, without alerting the parties to the trust concerned. They shall also ensure that obliged entities are allowed timely access to that information, pursuant to the provisions on customer due diligence laid down in Chapter II