In a co-ordinated release of four new documents on 29 November, the Autorité des marchés financiers (AMF) is going all out to help financial entities under its supervision fulfill their obligations in the fight against money laundering and the financing of terrorism. It places a noteworthy emphasis on the interplay between financial compliance and safe use of data and automated systems, in light of regulatory changes ushered on the AML/CFT front by the EU’s 4th Anti–Money Laundering Directive (AMLD 4) and a National Risk Assessment Report, earlier this year, by the French Conseil d’orientation de la lutte contre le blanchiment de capitaux et le financement du terrorisme (COLB), and on the data protection front by GDPR.
Position-Recommendation DOC-2019-15 provides a high-level framework for identifying and assessing risks, for ongoing due diligence and risk management, in accordance with the notion of risk classification specified in AMLD 4. This requires a categorisation by each obliged entity of their ML/FT risk factors, whether those factors pertain to what they provide (the product/service they offer) or to whom they provide it to (clientele factors such as country, nature, degree of anonymity…). Obliged entities are advised to take a holistic view of those risk factors, assigning weights based on their own risk profile, which they ought to monitor in the face of evolving ML schemes and trends in their own activities. The document also specifies requirements for collective investment management companies to assess risks in investments and disinvestments in real estate, which was highlighted as as high-threat sector in the COLB National Risk Assessment Report.
Position-Recommendation DOC-2019-16 focuses on due diligence obligations regarding clients and ultimate beneficial owners (UBOs), as required by the French Monetary and Financial Code. It sets out the distinction between notions of business relationship, occasional client, client under the European Supervisory Authorities’ Joint Guidelines of Risk Factors, and UBOs. Entities must trace ownership through holding chains in companies, collective investments, trusts, and other legal entities. In addition, the document outlines due diligence obligations in terms of identifying and verifying the identity of clients and UBOs, understanding the nature of business relationships, and implementing risk-based enhanced due diligence (EDD) measures.
In line with Article 9 of AMLD 4, Position DOC-2019-17 defines a politically-exposed person (PEP) as an individual who performs or has performed significant political, jurisdictional, or administrative functions, along with their immediate family members and persons known to be close associates. EDD measures for PEPs are to determine the source of wealth and funds, to monitor more closely their transactions and changes to capitalistic structures of which they are beneficial owners, and to require executive-level decision-making from obliged entities in order to establish or maintain business relationships with them. Obliged entities are required to use identification questionnaires, which, in light of their declarative nature, must at the bare minimum be verified against publically available information, such as appointment notices in the Official Journal. Additional compliance measures incluse cross-checking against risk-intelligence and beneficial ownership data bases; nonetheless, the position stresses that automated PEP detection tools are not mandatory, while favouring the tailoring of procedures to the specific activities and risk profile of each obliged entity.
Position DOC-2019-18 completes the AML/CFT cycle with an exegesis of reporting obligations. While primarily geared towards financial institutions under AMF supervision, it concerns the duty for all obligated professionals to file a déclaration de soupçon (henceforth DS, that is, a suspicious activity or suspicious transaction report in French law) to Tracfin, France’s intelligence agency for action against clandestine financial circuits. Entities must implement internal systems to detect suspicious activity and transactions, with an emphasis on human, case-by-case analysis – as opposed to over-reliance on automated systems, which are deemed “neither mandatory nor sufficient”. Filing a DS is subject to new content and format requirement, with explicit reference to obligations regarding the retention and confidentiality of documents related to reports made to Tracfin. (This is to align financial entities’ obligations with new data protections introduced by Law nº 2018-493 of 20 June 2018 transposing GDPR into French law.) The position recommends a phased approach to detecting suspicious transactions and activity, aligning with broader international AML/CFT regulations while also drawing the line between Tracfin reporting and other reporting mechanisms involving the French Public Prosecutor and, in the event of asset freezing, the Treasury Directorate General.
These supervisory efforts represent a step by the AMF towards clarifying the French AML/CFT framework, which is bound to evolve with the impending transposition of AMLD 5 into French law.