Lawmakers are continuously updating Anti-Money Laundering (AML) legislation to address the evolving methods of money laundering, fraud, and cybercrime. The EU’s 6th Anti-Money Laundering Directive (6AMLD) went into effect for obliged entities, such as banks, financial institutions, money service businesses and gaming companies on June 3, 2021. The 6AMLD has expanded the scope of money laundering and those who can be charged.
Given the dynamic nature of AML legislation, forward-thinking companies that might not currently be included in the list of obliged entities should begin implementing best practices from AML and KYC procedures to future-proof their business. With the ease of digital transactions giving rise to micro-money laundering on P2P and gig economy platforms, various digital businesses could become included in the next round of AML legislation. As each new directive builds on previous ones, it’s important for businesses of all industries to stay informed. Before delving into how companies can stay compliant and increase security, it’s important to first take a closer look at what makes the 6AMLD different from the directives that preceded it:
What’s new in the 6AMLD?
A unified definition of money laundering and list of predicate offences
The 6AMLD aims to clarify ambiguities in prior AMLDs by creating a unified money laundering definition across the EU. In addition, the 6AMLD has introduced a list of 22 predicate offences (crimes that generate the money to be laundered), including environmental crime and cyber crime. It is important to note that charges can be brought against someone if there there is proof of money laundering, even if how it happened is not specified.
Addition of aiding and abetting, inciting and attempting to money launder as criminal offences
The 6AMLD extends criminal offences to aiding and abetting, inciting and attempting money laundering, which widens the types of businesses and individuals who could be at risk. As a result, anyone convicted of such charges can face penalties similar to those of principal offenders.
Extension of criminal liability to legal persons
Instead of just companies paying fines, individuals with decision or control powers can be held liable for money laundering offences. Intention does not need to be proven; lack of supervision or negligence can also be grounds for prosecution.
Cross-country cooperation for prosecution of money laundering
Should a money laundering offence take place in multiple jurisdictions, the respective EU member states must collaborate and agree to prosecute in a single member state. This closes loopholes between EU states and also increases scrutiny on business’ regulatory compliance.
The 6AMLD calls for stricter criminal penalties, increasing the minimum prison sentence for money laundering offences from one year to four years. This is an addition to the administrative sanctions and measures outlined in prior AMLDs, which include a temporary or permanent ban from doing business.
What does this mean for businesses?
With member states increasingly aligned on what constitutes money laundering and how it should be regulated and punished, it becomes easier for businesses to expand in the European market without having to drastically rethink their KYC and customer due diligence (CDD) practices every time an office opens in a new jurisdiction.
That being said, the inclusion of aiding and abetting as a criminal offence, severe negligence as sufficient for culpability, and liability extended to legal persons, make it more important than ever for businesses to have robust and effective AML measures in place. AML compliance should go beyond the bare checklist minimum and be designed to increase security to protect an online business from fraud and cybercrime.
Incorporating proper identity verification into your onboarding process and establish CDD protocols to not only monitor usage of your services to spot suspicious behavior, but also submit reports to regulators should it become necessary. By identifying who your customers are and assessing their risk level, you can determine whether a simplified or enhanced CDD protocol should be used. For instance, should your business encounter a potential customer who is a politically exposed person (PEP), it is a regulatory requirement to conduct enhanced due diligence (EDD) and ongoing monitoring. Not knowing a PEP’s identity when regulators question will mean that your business has failed in its KYC procedures.
Establishing effective AML measures is achieved through collaborative efforts between teams throughout a company. Product teams implementing features and selecting third-party integrations are critical for not only enhancing customer experiences, but increasing operational efficiency and compliance.
What can your product team do?
Product teams are indispensable when it comes to finding KYC tools that are effective and scalable for AML efforts. To increase safety for both their company and end users, product teams can do the following:
Build identity verification into user onboarding
Digital identity verification solutions for KYC measures provide a cost-effective compliance solution for businesses, without adding to your operational overhead. Ask yourself which identity verification tool best suits the requirements of your industry. Compare providers, making sure to pay special attention to integration methods, customer service support and the security posture of the company.
Communicate with end users to build trust
Simply integrating identity verification into your product is not enough. Users must also feel comfortable and confident handing over official ID and biometric information. With public concern over surveillance, companies have to build trust through transparency – sharing how their technology works and how information is being used.
Increase security with biometric authentication
Text-based passwords remain a security risk and requiring customers to adopt more secure 2FA methods such as with authentication apps or a Yubi-key is high friction. Moving to a passwordless authentication method that uses an individual’s unique biometric features not only improves customer experience, but helps you confidently identify your customer with each login or transaction.
Offer user-friendly tools for internal teams
Make sure your compliance and customer service teams are able to comfortably use the ID verification solution you have chosen and that your product and marketing teams can easily add customizations. For example, you can check out Passbase Workflows, where you can drag verification flows and make customizations from the Passbase dashboard, no coding required.
Design for compliance and security
Securing your business is not just about using AI or automated identity verification solutions. Instead, effective compliance should employ a mix of automation for scalability and manual checks for security. When thinking about improving user experiences such as onboarding, factoring in compliance may lead you to a more effective feature, such as choosing a video selfie that not only performs identity verification, but also doubles as liveness detection.
Product teams are constantly needing to prioritise requests and considerations from different departments, whether it is tracking for marketing or data exports for compliance and reporting. By understanding the concepts behind 6AMLD, product teams can confidently assess solutions that improve customer experiences, secure the business against fraud, and meet regulatory requirements.
Passbase offers a 30-day free trial for teams to test how our identity verification features, such as identity verification, liveness detection, age and additional document checks, and CDC vaccination card scans fit into your existing product. We have support for web, mobile and server-side SDKs as well as an API. You can check out our developer docs and integration guide to get started.
To see any of our features live, you can also book a demo!