What is money laundering?
Money laundering is a criminal act whereby money that has been obtained through criminal activities, i.e. “dirty” money, is “white washed” by using the financial system in order to conceal its origins. Essentially, then, money laundering means making illegal money look like legitimate money by wiping any traces that could link it to its criminal origins.
Money laundering presupposes that an original offence has been committed. Money laundering relates to any economic benefit that is gained via this predicate offence. Consequently, money laundering is a criminal act.
The fight against money laundering in Luxembourg
In developing an international financial centre, Luxembourg became aware at a very early stage of the need to prevent the use of financial circuits for unlawful purposes. While initially designed to fight money laundering linked to drug trafficking, Luxembourg legislation today criminalises all offences recommended by the Financial Action Task Force (FATF).
Moreover, measures aiming to prevent money laundering not only apply to banks, but to all professionals in the financial sector, including insurance companies, notaries, estate agents, auditors, casinos, lawyers, tax and financial advisers, and persons selling high-value goods.
Luxembourg anti-money laundering legislation
Luxembourg legislation foresees very strict access conditions for those wishing to exercise a financial sector activity. Moreover, professional secrecy in Luxembourg does not protect those that commit criminal offences, since this secrecy is non-invocable in penal matters. Financial sector cooperation with legal and administrative authorities exists on various levels and includes the obligation to report any fact that is perceived as an indication of money laundering.
The cooperation with authorities, specifically in the fight against the financing of terrorism, intensified further after the 9/11 attacks. Thus, the law of 12 August 2003 on the repression of terrorism and its financing introduced the financing of terrorism into the penal code and extended the definition of Money laundering by including terrorism and the financing of terrorism in the list of primary offences.
The Law of 12 November 2004 on the fight against money laundering and against the financing of terrorism, as amended by the laws of 17 July 2008 and 27 October 2010, transposed into national law the Third EU Money Laundering Directive. With the introduction of this directive, the list of primary offences is now composed of two sections: on the one hand, a list of offences that are explicitly named, and, on the other, a non-exclusive list that is determined according to a penalty threshold and containing all offences punishable by a custodial sentence of a minimum of six months. In Luxembourg, the latter offences, for instance, include insider dealing, counterfeiting, fraud, abuse of company assets, etc.
The fourth EU Money Laundering Directive (EU 2015/849) which put a strong emphasis on assessing various risks factors for obliged entities to implement their corresponding due diligence (see notably CSSF circular 17/661 dated 24 July 2017), is currently being subject to three draft bills: (i) N°7128 pertaining overall to the general professional obligations imposed on obliged entities and based on risks assessment, (ii) N°7216 and (iii) N°7217 regarding the setting up of beneficial owners’ registries for companies/legal entities and trusts (“fiducies”). Both bills will firstly impose new obligations on companies and legal entities as referred to in the law of 18th December 2002 on the register of commerce and companies, except for listed companies under specific conditions, common funds (“fonds communs de placement/FCPs)” and branches of foreign companies. According to draft bill N°7217 setting up a register of beneficial owners of companies/legal entities (a.k.a. “REBECO”), the companies will be required not only to transmit electronically to the registry held at the Luxembourg trade and companies register a set of defined information pertaining to their beneficial owners at the latest six months after the entry into force of the law, but also to make sure to keep and maintain the accuracy of such information, failing which criminal sanctions might apply. A limited access to this register shall be granted to “professionals” within the meaning of the law of 12 November 2004 on the fight against money laundering, such as for instance credit institutions and professionals of the financial sector, while undertaking the customer due diligence. On the one hand, such facility may prove useful for the professionals to abide to their due diligence and risk assessment obligations under the Luxembourg AML/CTF legal framework, bearing in mind, on the other hand, that the latter will also have to “promptly inform the Register as soon as they find either the existence of erroneous data or the default of all or part of the data, or a lack of registration/modification /struck off of such data“. This, in turn, may result in an increase in the administrative burden undertaken by bankers, given the flows of customer due diligence’s information to be processed on a daily basis.The draft bill N°7216 foresees firstly that Luxembourg fiduciary agents of fiduciary arrangements under the Luxembourg law on trusts and fiduciary arrangements of 27 July 2003 will have to get and keep at their registered office a set of data pertaining to the arrangement, to then report it into a “Registre des ficucies“, as long as the arrangement generates tax consequences. The practical modalities pertaining to such register to be further determined by Grand-Ducal Regulation resembles those of the REBECO, having noted that only national authorities will be able to access the content of the register.Given that the law of 2003 only allows certain financial entities/public official bodies to act as fiduciary agents (“fiduciaires”), among them credit institutions and investment firms, this implies that such entities will be obligated to solely define the characteristics of a fiduciary arrangement generating tax consequences, yet not illustrated within the draft bill. Thereafter and without legal certainty, banks will be expected to report, modify and update the register, juggling with potential administrative sanctions and injunctions, shall they fail to abide to their upcoming new duties. Banks may hence face challenging times ahead in adapting their anti-money laundering/counter-terrorism fighting procedures and processes.With regard to traceability of money transfers, Regulation N°2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) N°1781/2006 sets out rules on payment services providers with regard to the provision of information concerning payers and payees in order to help prevent, detect and investigate terrorist financing. The provisions of the latter are binding and directly applicable in all Member States since 26 June 2017. The CSSF therefore published circular 17/660 in this regard.
Risk based approach
The risk based approach consists in taking all the necessary steps to identify and assess various type of risks obliged entities may face (such as customer risk factor, product, service, transaction or delivery channel risk factors and geographical risk factors), with a view to decide how best to manage it and apply the corresponding due diligence.
The European Commission published on 26 June 2017 a report as required by the fourth EU Money Laundering Directive whereby it assessed the money laundering and terrorist financing risks of different sectors and financial products. The report identifies the areas at risk together with the most widespread techniques used by criminals to launder illicit funds.
According to the Directive, Luxembourg shall take appropriate steps to identify, assess, understand and mitigate the risks of money laundering and terrorist financing affecting it. It shall hence make its National Risk Assessment available to the European Commission.
Obliged entities shall clearly identify and assess the money laundering and terrorist financing risks to which they are exposed according to CSSF circular N° 12-02 of 14 December 2012 on the fight against money laundering and terrorist financing. The rule of risk-based approach is one of the core element developed in the fourth EU Money Laundering Directive and its appendixes. The CSSF released on circular 17/661 on 24 July 2017 a circular on the adoption of the joint guideline by the three European Supervisory Authorities (EBA/ESMA/EIOPA) on money laundering and terrorist financing risk factors.
Professional obligations in Luxembourg
- obligation to apply customer due diligence measures: this includes the identification of the customer and of the beneficial owner, obtaining information on the business relationship, and constant monitoring of the business relationship (transactions, source of funds, updating data)
- obligation to scrutinize certain transactions with particular attention
- obligation to maintain a continuous follow-up of clients relative to the risk they present
- obligation to keep certain documents
- obligation to have an adequate internal organisation in place
- obligation to cooperate with authorities and obligation to notify
- obligation to incorporate a payers and payees’ name or account number into transfers