AML laws and regulations in both the United States and the European Union have evolved significantly over time, focusing not only on traditional financial institutions but also expanding to incorporate digital transactions, reflecting the ever-changing landscape of global finance and the increasingly sophisticated methods used in money laundering and terrorist financing.
The AML laws and regulations in the US and the European Union aim to prevent money laundering and terrorist financing incidents, by requiring institutions to strengthen their internal processes and systems. Following the broader AML/KYC-related regulatory requirements implemented in the United States and European Union countries.
The AML Laws and Regulations
The Currency and Foreign Transactions Reporting Act of 1970, commonly referred to as the Bank Secrecy Act or BSA, which was substantially amended by the Patriot Act in 2001, provides the basis for most of the preventative measures applied to the financial sector and other businesses. The Bank Secrecy Act was intended to prevent the use of secret foreign bank accounts and assist law enforcement agencies by legislating for regulatory reporting and record keeping by financial institutions.
The Act requires US organizations, especially financial institutions, including branches and subsidiaries of foreign banks working in the US, too:
- File reports of cash transactions exceeding $10,000, daily aggregate amount, cash transaction reports (CTRs).
- Report suspicious activity that might signify money laundering, tax evasion, or other criminal activities, suspicious activity reports (SARs), and
- Maintain a paper trail by keeping appropriate records for financial transactions. It is interesting to note that the definition of ’financial institution’ in the BSA includes casinos.
The BSA introduced the CTR requirements for financial institutions. The CTR is a report that must be filed, in the appropriate format, on transactions greater than $10,000 made by one person in one business day, which include aggregated transactions where the financial institution believes they are on behalf of the same person.
The types of transactions required to be reported include cash withdrawals and deposits, foreign currency exchange, cashing a cheque, cash payments, cash purchase of monetary instruments, ATM cash transactions, and incoming/outgoing wire transfers paid in cash.
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act 2001, USA PATRIOT Act or just the Patriot Act, was signed by President George W. Bush on 26 October 2001, barely seven weeks after the September 11 terrorist attacks. A powerful, unusually speedy, reaction to the attacks, the Patriot Act, which comprises over 900 pages of legislation, has had far-reaching consequences for financial institutions both within the US and throughout the world.
The Patriot Act introduced the need for certain financial institutions to have customer identification programs (CIPs) for new customers as well as specifying enhanced due diligence (EDD) measures for correspondent banking and private banking customers, especially for non-US persons. The Act made several significant enhancements to pre-existing US AML legislation, as well as imposing a raft of new obligations about customer due diligence (CDD) procedures for US private banking and correspondent bank accounts involving non-US persons.
The most significant requirements relating to AML/CFT and the provision of financial services covered in the Patriot Act concern a variety of special measures, the facilitation of cooperative AML measures, the prohibition of unlicensed money transmitters, and the creation of significant extraterritorial powers.
The Act confers on the US Treasury the power to name foreign jurisdictions, financial institutions, and transactions that are of primary money laundering concern and require financial institutions to implement ‘special measures’ for them. These special measures include:
- Additional record keeping for, and reporting of, certain transactions
- The collection of information relating to beneficial ownership of accounts
- The collection of information relating to certain ’payable through’ accounts (an account maintained by a respondent that permits the respondent’s customers to engage either directly or through a sub-account, in banking activities)
- The collection of information relating to certain correspondent accounts the prohibition of, or imposition of conditions on, the opening of correspondent or ‘payable-through’ accounts.
These sections of the Act encourage and create a formal process to enable, government agencies and financial institutions to share information on suspected money launderers and terrorists. The formal process enables the US Financial Intelligence Unit (FIU) of FinCEN, to advise financial institutions about such suspects and require searches to be conducted for accounts of such persons.
Additionally, it enables a financial institution to advise FinCEN of intentions to share information on suspected money laundering or terrorist financing with other financial institutions. This does not allow a financial institution to disclose the filing of a SAR, although the underlying customer information and transactional data can be shared.
Perhaps the most significant aspects of the Patriot Act for both non-US institutions and persons are as follows.
- US banks must take reasonable steps to identify the beneficial owners of accounts beneficially owned by foreign persons.
- US banks must identify foreign persons whose funds move through payable or correspondent bank accounts held with them.
- US banks must sever correspondent banking relationships with all foreign shell banks.
- International correspondent accounts and correspondent relationships with offshore banks and banks in jurisdictions deemed to be non-cooperative in the international effort against money laundering.
- The Act extends the ‘long-arm jurisdiction’ of the US courts over any person or organization that commits a money laundering offense involving a financial transaction that occurs in the US.
The Act extends the extraterritorial criminal jurisdiction of the US over any person outside the jurisdiction who engages in any act involving US currency which, if it had been committed in the US, would constitute an offense.
The Financial Crimes Enforcement Network (FinCEN), delegated by the Secretary of
the Treasury, and the other primary federal regulators or self-regulatory organizations
(e.g., Financial Industry Regulatory Authority (FINRA), and the US Securities Exchange Commission (SEC) have the authority to assess civil penalties.
The EU Member States, to contribute to strengthening the AML/KYC framework, are developing efficient and robust means of customer due diligence (CDD) and Know Your Customer (KYC), by opening up the mutualization opportunities and fostering a digital economy within EU Member States. The customers’ electronic identification and remote KYC processes are the subject domain for the EU Member States. The scope for portable CDD solutions is particularly the core area of consideration, by the EU Member States for the banking sector. The targets for the EU Member States are to curtail money laundering, drug-trafficking-related proceeds, tax evasion, terrorist financing, human trafficking, and state-sponsored and corporate bribery.
The measures are taken to consider the key challenges of building on the electronic ID interoperability framework with additional sets of attributes to enhance the CDD measures and KYC framework. It includes the assessment of the necessary set of measures that are necessary for CDD purposes, in the banking sector and the appropriate level of required assurance for the implementation of CDD processes.
The following three broad topics are considered that are: How CDD attributes can meaningfully be related to the defined Levels of Assurance in general and what benefits the KYC and CDD framework may bring to the financial sector to achieve desired regulatory objectives. It is acknowledged that the multi-dimensional impact of KYC processes in the digital age has been aimed at KYC solutions to bring enhanced process improvements and facilitate KYC-related services within the EU as well as financial inclusion.
Money laundering has been criminalized in Europe and the predicate offenses have widened from drug trafficking to the proceeds of all crimes. Europol has established itself internationally in anti-money laundering (AML) practices. The Egmont Group has grown into a large international organization consisting of various financial intelligence units, representing the operational arm of AML/CFT to complement the strategic arm of the FATF. Fifteen EU Member States are direct FATF members, and the remaining thirteen are members of Moneyval, the European regional version of FATF.
Strengthening the existing ML/TF framework and adjusting it to digital/remote onboarding interaction reducing the fragmentation of the EU KYC landscape and ensuring a level playing field for cross-border services eliminating regulatory arbitrage opportunities.
The three dimensions must not be viewed in isolation nor as intrinsically in conflict, as it is believed that progress can be achieved in all areas simultaneously. The high level of customer onboarding practices can be attributed to the deployment of digital ID solutions and may help in reducing the AML/CFT risk factors as emphasized by the EU regulatory authorities.
There is no doubt that the EU approach to combat money laundering is recognized by all EU Member States. To implement effective anti-money laundering (AML) policies, the scope of AML/CFT action is expanded greatly, and the success of AML policies has been very limited. EU regulatory authorities recognized that the money launderers and criminals are aided by technology, which has necessitated continual adaptation of the AML/KYC regulatory framework.
Given the ongoing monitoring and law enforcement challenges, the EU Commission and some member states have come out in favor of the creation of an EU-wide AML supervisory agency to assist in reducing the coordination and cooperation issues in the process of AML enforcement, particularly across borders.
Based on the EU’s principles of proportionality, a thorough cost and benefit analysis for the AML rules could guide the way to a more measured and effective AML/KYC approach.
It is recognized by the EU Member States, that the Europe-Wide supervisory agency serves as the sole solution. AML supervision requires the cooperation of a multitude of supervisory entities, financial and non-financial supervisors, FIUs, and law enforcement officials, as well as the obliged entities themselves. In the EU context, this means well more than 100 supervisory agencies and many tens of thousands of obliged entities. It raises the issue of EU competence, certainly in the law enforcement domains. The European Banking Authority (EBA), with a distinct and more effective governance structure, is enhancing, to cater to the AML affairs and issues, faced by the institutions.
Joint action regarding the proper functioning of FIUs at the EU level, and cooperation of the EU Member States is strongly recommended and the nature and tasks of the FIUs are better harmonized. The EU-wide interconnection of the FIUs is hosted by Europol because of data protection reasons. Policymakers are addressing FIU cooperation at the EU level;
The EU member States established a uniform template for the suspicious transaction reports STRs, to be integrated into the centralized platform. The focus of the regulatory authorities is to take appropriate measures, for the improvement in the process of data sharing between the enforcement bodies in the EU, including across national borders. This relates not just to types of data but amounts to the speed of data sharing, and its security.
This comprehensive analysis of the AML/KYC laws and regulations in the United States and the European Union offers valuable insights into their respective approaches towards preventing money laundering and terrorist financing. While the US has relied extensively on legislative measures such as the Bank Secrecy Act and the Patriot Act, the EU emphasizes digital identity solutions and cross-member state collaboration. These strategies, although different, aim towards a common goal: safeguarding the integrity of financial systems against illegal activities. Understanding these different approaches provides a basis for dialogue and potential harmonization, facilitating international cooperation and enhancing global AML efforts.