BAFIN'S AML REVISION: IMPACT ON FIRST AND SECOND LINE OF DEFENSE

On November 29, 2024, BaFin published an updated Interpretation and Application Guidance on the Anti-Money Laundering Act ("AMLA"), which will enter into force on February 1, 2025. With this long-awaited update, BaFin is pursuing the goal of strengthening the effectiveness of measures to combat money laundering and terrorist financing (AML/CFT) while ensuring uniform implementation of the relevant legal requirements at all supervised companies.

The updated interpretation and application guidance brings significant changes for both the first line and the second line of defense. In this article, we highlight the most important changes for the first line of defense and their impact on obliged entities - with a particular focus on two key aspects: the deadlines for the verification of customer profiles and the identification of beneficial owners.

Shortened updating obligations for customer information

One of the key changes concerns the deadlines for updating customer information. The new intervals are as follows:

  • Simplified due diligence obligations: The deadline for updating customer information in the case of simplified due diligence obligations will be risk-based in future. There will no longer be a blanket deadline; instead, the frequency of updates will depend on the customer's risk profile. These intervals remain flexible for low risks.
  • Normal risk: Customers who are classified as normal risk must now update their information every five years (previously every ten years).
  • High risk: For high-risk customers, an annual update is now required (previously every two years).

BaFin also clarifies in its comments that the verification of the data of a legal entity (e.g. GmbH or AG) can be carried out by retrieving company documents such as extracts from the commercial register. BaFin had originally demanded a period of only four weeks after the document was issued, but this has now been extended to three months. This means that obliged entities have more time to check relevant documents. The exact deadline now extends from the date of issue of the document to the date on which the information is first processed by the obliged entities. In practice, this means that companies will have to adapt their internal review process with regard to document review, as the deadlines have been made more flexible, but regular checks are still required.

BaFin has also clarified that in low-risk cases, an official identity card from an authority or public body can also be used as proof of identity, which simplifies the requirements for verifying the identity of such customers. However, it is emphasized that not all data points as described in Sections 10 para. 1 no. 1, 11 para. 4 no. 2 AMLA must be recorded in such cases. This offers obliged entities a certain degree of flexibility, as they do not have to record all data in detail if the risk is deemed to be low.

Chapter 4.5.2 of the AuAs clarifies that BaFin also increasingly accepts the use of commercial databases to determine whether a customer or their beneficial owner is a politically exposed person (PEP). This is of considerable importance, as PEPs are exposed to an increased risk of money laundering and corruption. However, obliged entities must ensure that they always use the latest lists provided by their service providers to carry out this risk analysis correctly. This requires regular review and sharing of data with external providers where necessary.

The shortened deadlines and more detailed requirements for customer information lead to an increase in the workload for companies. In particular, the annual review of high-risk customers requires a significant increase in human and technical resources. Companies must adapt their systems so that they can carry out the updates efficiently and on time. The management of commercial register extracts and the integration of commercial databases into risk management systems increase the complexity and administrative burden.

Identification of beneficial owners

Another key component of BaFin's updated interpretation and application notes concerns the requirements for identifying beneficial owners. This is a key measure in the fight against money laundering, as the beneficial owner is the person who ultimately exercises control over a legal entity or a construct.

According to the new requirements, obliged entities must obtain information about the beneficial owner directly from the contracting party or the person acting on behalf of the contracting party. This means that the sole use of public sources, credit agencies or the transparency register is not sufficient. These sources can only serve as a supplementary source of information, but they must not be the primary basis for identifying the beneficial owner.

The obligation to obtain this information directly from the contractual partner leads to more intensive communication and a more detailed review of the data. For companies, this means that they must request detailed evidence of the ownership structure of their customers and their beneficial owners.

BaFin has also made an important change with regard to listed companies. According to the new regulation, subsidiaries of listed companies are exempt from the obligation to identify the beneficial owners if the parent company holds more than 75% of the shares. Previously, this exemption only applied if the parent company held at least 50% of the shares.

The direct collection of information from contractual partners and the requirement for detailed verification of beneficial owners will significantly increase the administrative burden. Companies must work closely with the sales teams in their compliance departments to ensure that all necessary data is collected correctly and completely.

Conclusion

The revised BaFin requirements for updating customer information and identifying beneficial owners entail significant changes for obliged entities. Companies must adapt their compliance processes, which particularly affects the workload in the areas of document review, risk management and communication with customers.

Contact us

Do you have any questions about our activities or would you like to contact us?

Then write to us or give us a call. We will be happy to advise you extensively and find a solution tailored to your requirements.

CURENTIS AG

Experience meets innovation

Frankfurter Landstraße 62a
61440 Oberursel (Taunus)
T: +49 (0) 6171 - 95 598 0

info@curentis.com

    Please enter the code below: captcha

    Banking & Sustainability: Update on the EU taxonomy - simplification of...WHY THE SPECIAL ASSETS OF THE FEDERAL GOVERNMENT ARE EXPOSED TO CREDIT DEFAULT RISK...