An EU Delegated Regulation under the Fourth Money Laundering Directive has been published in the Official Journal of the European Union.  The Delegated Regulation sets out Regulatory Technical Standards specifying the measures that EU credit and financial institutions subject to the Fourth Money Laundering Directive should take to handle money laundering and terrorist financing risks arising where a majority-owned subsidiary or branch established in a non-EU country is prohibited from implementing policies its EU parent has put in place to comply with EU regulations. 

Under the Fourth Money Laundering Directive, EU institutions are required to manage the risk of facilitating money laundering or terrorist financing on a group-wide basis. Certain institutions may, however, struggle to fully implement procedures in subsidiaries established outside the EU as a result of third country laws, such as data protection or banking secrecy laws that prohibit sharing of information. The Commission's RTS aim to combat this problem by imposing additional obligations upon EU credit and financial institutions. These include carrying out a thorough risk assessment of money laundering and terrorist financing risks in the relevant third country and providing targeted training to members of staff where applicable, or seeking direct consent from customers to provide information in circumstances where carrying out a risk assessment would otherwise be unlawful. In the event neither course of action is possible, the institution may be obliged to terminate the relevant business relationship or transaction. The RTS also impose an obligation to attempt to obtain consent from customers and/or carry out specified additional measures to manage risk in respect of sharing and processing customer data, disclosing information related to suspicious transactions and transferring customer data to Member States.

The RTS are particularly relevant in light of the Commission's recent publication of its blacklist of third countries which are deemed "high-risk" for money laundering and terrorism financing purposes. Under the Fourth Money Laundering Directive, EU Member States must require relevant entities to impose enhanced customer due diligence measures to manage and mitigate the risks of dealing with such high-risk third countries. There is an exception to this requirement in respect of subsidiaries or branches of EU-established entities which comply with the group-wide policies of their parent (provided those policies are compliant with EU standards). In the case where such subsidiaries or branches do not comply with group-wide measures, however, the RTS specify that they should be implemented without prejudice to any enhanced due diligence measures which EU-established entities may be required to take pursuant to the Fourth Money Laundering Directive.

The RTS will enter into force on June 3, 2019 and will apply directly across the EU from September 3, 2019.

View the RTS.

[View source.]