What is risk management?

Obligated persons under the Money Laundering Act must carry out risk management. Effective risk management means the identification and minimisation of money laundering risks in the activities of obligated persons.

For this purpose, it is important to determine and assess the risk of money laundering and terrorist financing in the company or trade in a risk analysis. Based on this, security measures must be taken. These include, for example, the implementation of training, the examination of employees and, in the case of certain obligated parties, the appointment of an anti-money laundering officer.

In addition, the general design of measures to fulfil further legal obligations, such as the establishment of anonymous whistleblower systems or mandatory transaction monitoring, may be required by the legislator or the authorities.

In order for the supervisory authorities to be able to understand what obligated parties have done to comply with their legal obligations, all these processes must be transparently documented and archived. Supervisory authorities attach great importance to risk management procedures not only being set up once but, also against the background of constantly evolving legal requirements, being regularly reviewed and adapted.

What is included in the general duties of care?

In order to combat money laundering and terrorist financing, it is mandatory to comply with the customer due diligence requirements of the Money Laundering Act. Before entering into a business relationship, obligated persons must fulfil various due diligence obligations towards their customers. The AMLA distinguishes between general and enhanced due diligence obligations.

These include, for example, customer due diligence obligations such as the obligation to identify contractual partners, to clarify whether the contractual partner is acting for a beneficial owner or whether the customer is a politically exposed person.

When are the general duties of care to be fulfilled?

The general duties of due diligence (§10 GwG) must be fulfilled by every obligated party according to the Money Laundering Act. Exceptions are set out in §14 GwG in the simplified due diligence obligations.

What are enhanced due diligence requirements?

Enhanced due diligence obligations arise under §15 (2) GwG and must additionally be fulfilled if there are indications of an increased risk with a customer. According to §15 (4) GwG, at least the following enhanced due diligence requirements must then be met:

  • Initiation of a business relationship requires approval at management level.
  • The origin of the assets used in the business relationship must be determined by appropriate means.
  • The business relationship must be subject to increased continuous monitoring.

What is the purpose of the general duties of care?

The information obtained through compliance with the general due diligence requirements makes it possible to carry out an individual risk assessment of the respective customer relationship. The aim of this, in turn, is to determine whether one must fulfil enhanced due diligence obligations; this can be the occasion for more intensive follow-up research. Obligated persons may have to find out whether a contractual partner is domiciled in a third country (a country outside the EU), whether there is a high risk of money laundering or terrorist financing in the respective country and whether the contractual partner holds political office. These circumstances significantly influence the risk of a business relationship or transaction. These questions must be asked by obligated parties and the answers must be documented. Negligent breaches of customer due diligence obligations could result in fines.

In order to be able to prove that all customer due diligence obligations have been fulfilled, all documents must be kept for at least five years after the audit in compliance with the General Data Protection Regulation.

What is meant by suspicious activity reporting?

If there are indications of money laundering, companies are obliged to report the suspicion. This includes the suspicion that assets originate from an illegal source, transactions are connected to terrorist financing or contractual partners do not disclose their beneficial owners. In these cases, the obligated party must report the facts to the Central Financial Transaction Investigation Unit (FIU) via the reporting portal goAML. The authorities investigate the reports and initiate an investigation if necessary.

Which suspicious behaviour must lead to a report is regularly explained by the FIU in so-called sector-specific "typology papers". Typology papers deal with typical practices of money launderers and can thus help obligated persons to better recognise and report suspicious behaviour. In order to access the reporting portal and the typology papers, obligated persons must have access to the internal area of the FIU.

What are the components of a risk analysis?

There is no standardised process for the preparation of risk analyses; however, the Annexes to the AMLA specify certain risk factors that must be included in the risk analysis. The risk analysis is an integral part of money laundering prevention.

The inventory should include general data on the company and its location as well as on the customer, sales and product structure. In the risk analysis, company-specific risks are identified and evaluated on the basis of internal as well as external sources. For this purpose, industry-specific typology papers from the fight against crime, publications of the supervisory authorities and adverse media checks, among others, should be consulted. The internal security measures based on this follow, among other things, the recommendations for action from the risk analysis. This also includes, among other things, the handling of suspicious cases and the appointment of a money laundering officer (if necessary).

A risk analysis should be reviewed and updated regularly. Kerberos Compliance takes on this task as part of the creation of a complete money laundering prevention concept. We ensure that the requirements of the German Money Laundering Act (GwG) are met.

What happens if money laundering is suspected?

If money laundering is suspected, reporting obligations are triggered (cf. § 43 ff. GwG). Irrespective of the value of the asset concerned or the amount of the transaction, the obligated parties under the Money Laundering Act (cf. § 2 Geldwäschegesetz) are obliged to submit a suspicious activity report in electronic form to the Financial Intelligence Unit (FIU) without delay. In this context, it is not necessary to determine in the criminal law sense whether a predicate offense of money laundering may be involved (cf. § 261 Strafgesetzbuch). Rather, it must be determined whether the facts of the case are unusual and/or conspicuous on the basis of general professional experience.

What is an extract from the transparency register?

The Transparency Register is a register kept by each EU member state which contains, among other things, information on the beneficial owners of a company. Accordingly, an extract from the Transparency Register ideally also contains data on the beneficial owners of business partners, which must be obtained as part of a KYC or due diligence review.
