5th AML Directive in Poland
The Fifth Anti-Money Laundering Directive (5AMLD) will come into force on the 10th of January 2020 in Poland and other EU Member’s State. The new regulations are addressed among others to cryptocurreny business undertakings. There will be also new KYC obligations to be fulfilled by Polish obligated institutions in relation to contractors from high-risk third countries. However, lot of rules were already implemented in Polish AML Act.
There can be recognized following 5AMLD’s key points:
- Cryptocurrency business entities become obligated institution (obliged entity);
- Cryptocurrency business entities have to be entered into separate business register or obtain license;
- Public access to beneficial owners register;
- Harmonization of the enhanced customer due diligence and improvements in the procedure to identify high-risk third countries
– new KYC obligations
1. Cryptocurrency entrepreneur as obliged entity
According to 5AMLD the obliged institution shall be now providers engaged in exchange services between virtual currencies and fiat currencies.
The corresponding provision may be already found in Polish AML Act, which stipulates that, Polish commercial entities are recognized as “obligated institutions” if they are carrying out business activity consisting in the provision of services in the scope of:
- exchange between virtual currencies and means of payment;
- exchange between virtual currencies;
- intermediation in the exchange referred to in letter a or b;
- keeping maintaining the accounts in electronic form, of identifying data enabling the entitled persons to use virtual currency units, including the conduct of transactions of their exchange.
Comparing these two provisions, it can be concluded that Polish AML regulation’s criteria for classifying cryptocurrency business undertaking as obliged entity is much wider than 5AMLD. Directive applies only to fiat to crypto and crypto to fiat exchange business.
Both 5AML and Polish AML act also define “virtual currency”. According to AML Directive “virtual currencies” means a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.
On the other hand under Polish AML Act virtual currency shall be understood as a digital representation of value which is not:
- a) legal tender issued by the NBP, foreign central banks or other public administration authorities,
- b) an international unit of account established by an international organisation and accepted by particular countries being members of that organisation or cooperating with that organisation,
- c) electronic money within the meaning of the Payment Services Act of 19 August 2011,
- d) a financial instrument within the meaning of the Act of 29 July 2005 on Trading in Financial Instruments,
- e) a promissory note or a cheque
– and which is convertible into legal tender in business transactions and is accepted as a means of exchange, and which may be stored or transferred electronically or may be traded electronically;
What is new and was not introduced in Polish Law, under 5AMLD obliged institution shall be also custodian wallet providers. 5AMLD defines custodian wallet provider as an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.
Business entity which is categorized as obligated institution (obliged entity) has to complete with certain obligations. These obligations of obliged entity may be divided among others into following groups:
- Implementation of an internal procedure on combating money laundering and terrorist financing – AML Policy;
- Application the financial security measures to customers in certain circumstances – KYC/ Client Identification procedure;
- Reporting the General Inspector of Financial Information in certain situations;
- Designation of senior management responsible for implementing the duties set out Polish AML Act;
- Performing training programmes to personnel covering the execution of AML obligations
Read more about these obligations here: https://www.lawfirmpoland.com/aml-standards-manual-in-poland/
2. Cryptocurrency business entities have to be entered into separate business register or obtain cryptocurrency license
According to 5AMLD Member States shall ensure that providers of exchange services between virtual currencies and fiat currencies, and custodian wallet providers, are registered, that currency exchange and cheque cashing offices, and trust or company service providers are licensed or registered, and that providers of gambling services are regulated.
Therefore, legislative bodies of each EU State has to implement regulations introducing system of registration of cryptocurrency exchange business entities. Without creating new law by Member States this obligation can not be fulfilled by entrepreneur (the entry to register is not required).
Members States may choose implementation in a simple form of registration procedure to create list of cryptocurrency entities. More complicated scenario will take place when EU State choose to introduce license procedure. Member State may choose to define virtual currency exchange services as financial services, which will obligate entity to obtain financial license. On the other hand, new license may be introduced: “cryptocurrency license” like in Estonia.
Polish Parliament has not implemented 5AMLD in that regard and there is no cryptocurrency entities register. Furthermore, cryptocurrency exchange services (not exchange platforms) still are not classified as payment services in Poland, therefore there is no obligation to obtain financial license
3. Public access to beneficial owners register
Under 5MLD, registers of beneficial ownership, which were created under 4AMLD will be now public. Therefore Member States has to form public register of beneficial owners which have to kept up to date.
The Polish Register of Real Beneficiaries (pl: “CRBR”) was introduced in October 2019. You can read more about Register of Beneficial Owners in Poland here: https://www.lawfirmpoland.com/beneficial-owners-register-in-poland/
4. Harmonization of the enhanced customer due diligence and improvements in the procedure to identify high-risk third countries - new obligations
5AMLD does not introduce any significant changes in the KYC obligations. Most of them are cosmetic. Below we are presenting the main differences:
Customer due diligence measures shall comprise identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;
Customer due diligence measures shall comprise identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source, including, where available, electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council (*4) or any other secure, remote or electronic identification process regulated, recognised, approved or accepted by the relevant national authorities;
Customer due diligence measures shall comprise identifying the beneficial owner and taking reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer;
Customer due diligence measures shall comprise identifying the beneficial owner and taking reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer, where the beneficial owner identified is the senior managing official as referred to in Article 3(6)(a) (ii), obliged entities shall take the necessary reasonable measures to verify the identity of the natural person who holds the position of senior managing official and shall keep records of the actions taken as well as any difficulties encountered during the verification process.
Member States shall require that verification of the identity of the customer and the beneficial owner take place before the establishment of a business relationship or the carrying out of the transaction.
Member States shall require that verification of the identity of the customer and the beneficial owner take place before the establishment of a business relationship or the carrying out of the transaction. Whenever entering into a new business relationship with a corporate or other legal entity, or a trust or a legal arrangement having a structure or functions similar to trusts (“similar legal arrangement”) which are subject to the registration of beneficial ownership information pursuant, the obliged entities shall collect proof of registration or an excerpt of the register.
Member States shall require that obliged entities apply the customer due diligence measures not only to all new customers but also at appropriate times to existing customers on a risk-sensitive basis, including at times when the relevant circumstances of a customer change.
Member States shall require that obliged entities apply the customer due diligence measures not only to all new customers but also at appropriate times to existing customers on a risk-sensitive basis, or when the relevant circumstances of a customer change, or when the obliged entity has any legal duty in the course of the relevant calendar year to contact the customer for the purpose of reviewing any relevant information relating to the beneficial owner(s), or if the obliged entity has had this duty under Council Directive 2011/16/EU (*5).
Member States shall require obliged entities to examine, as far as reasonably possible, the background and purpose of all complex and unusually large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose. In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious.
Member States shall require obliged entities to examine, as far as reasonably possible, the background and purpose of all transactions that fulfill at least one of the following conditions:
they are complex transactions;
they are unusually large transactions;
they are conducted in an unusual pattern;
they do not have an apparent economic or lawful purpose.
In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious.
On the other hand, there was added complete new Article 18a, which stipulates relations with high-risk third countries:
- With respect to business relationships or transactions involving high-risk third countries identified pursuant to Article 9(2), Member States shall require obliged entities to apply the following enhanced customer due diligence measures:
(a) obtaining additional information on the customer and on the beneficial owner(s);
(b) obtaining additional information on the intended nature of the business relationship;
(c) obtaining information on the source of funds and source of wealth of the customer and of the beneficial owner(s);
(d) obtaining information on the reasons for the intended or performed transactions;
(e) obtaining the approval of senior management for establishing or continuing the business relationship
(f) conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.
Member States may require obliged entities to ensure, where applicable, that the first payment be carried out through an account in the customer’s name with a credit institution subject to customer due diligence standards that are not less robust than those laid down in this Directive.
- In addition to the measures provided in paragraph 1 and in compliance with the Union’s international obligations, Member States shall require obliged entities to apply, where applicable, one or more additional mitigating measures to persons and legal entities carrying out transactions involving high-risk third countries identified pursuant to Article 9(2). Those measures shall consist of one or more of the following:
(a) the application of additional elements of enhanced due diligence;
(b) the introduction of enhanced relevant reporting mechanisms or systematic reporting of financial transactions;
(c) the limitation of business relationships or transactions with natural persons or legal entities from the third countries identified as high risk countries pursuant to Article 9(2).
- In addition to the measures provided in paragraph 1, Member States shall apply, where applicable, one or several of the following measures with regard to high-risk third countries identified pursuant to Article 9(2) in compliance with the Union’s international obligations:
(a) refusing the establishment of subsidiaries or branches or representative offices of obliged entities from the country concerned, or otherwise taking into account the fact that the relevant obliged entity is from a country that does not have adequate AML/CFT regimes;
(b) prohibiting obliged entities from establishing branches or representative offices in the country concerned, or otherwise taking into account the fact that the relevant branch or representative office would be in a country that does not have adequate AML/CFT regimes;
(c) requiring increased supervisory examination or increased external audit requirements for branches and subsidiaries of obliged entities located in the country concerned;
(d) requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the country concerned;
(e) requiring credit and financial institutions to review and amend, or if necessary terminate, correspondent relationships with respondent institutions in the country concerned.
- When enacting or applying the measures set out in paragraphs 2 and 3, Member States shall take into account, as appropriate relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing, in relation to the risks posed by individual third countries.
- Member States shall notify the Commission before enacting or applying the measures set out in paragraphs 2 and 3.’;