I. THE OVERVIEW OF THE CASE
On 10 March the highest Court of the European Union - the Court of Justice of the European Union (hereinafter – the “ECJ”) delivered an important decision in the case C-235/14 “Safe Interenvios S.A.” (hereinafter – the “Safe Case”). This case is one of the rare cases related to the requirement of financial services providers comply with anti-money laundering obligations. Decisions of the ECJ are an important source of interpretation of all national and EU level legal provisions. Moreover, public authorities of Luxembourg (CSSF, Financial investigation authorities, Courts) are de facto bound to comply with the ECJ’s decisions. For these reasons, all entities subject to anti-money laundering/costumer due diligence (hereinafter “AML/CDD”) obligations (banks, financial institutions, insurers, regulated markets, management companies, collective investment vehicles, pension funds, auditors, notaries, real estate agents, payment services providers, family offices, domiciliation and fiduciary service providers, securitisation vehicles, etc.) should take into account the principles established by this decision.
1. Facts of the case
The payment service provider “Safe” which was established in Spain was asked by its partner banks (where Safe held bank accounts) to provide additional information about its clients and the destinations of payment orders for AML/CDD purposes. After the refusal of Safe to provide additional information, the banks decided to close the relevant accounts. Safe contested the closing of accounts. Its position was that the closure of the accounts was not legitimate from a competition law point of view. The banks however claimed that the closure was in line with AML/CDD rules. Having failed in the Court of first instance, Safe appealed against the judgment claiming that it was a payment institution subject to the supervision (including AML/CDD rules) of the Bank of Spain. Therefore, it argued that the requests by the banks to provide data about its clients was not legal. In this context, preliminary questions were raised, seeking to clarify the position of the ECJ in this matter.
2. The Opinion of the Advocate General (Eleanor Sharpston)
On 3 September 2012, the Advocate General Eleanor Sharpston delivered her Opinion as to how the ECJ should decide on the case. Even if the Opinion does not have the same formal power as the decisions of the ECJ, in practice it is a very important source of interpretation of the relevant provisions. Therefore, it is strongly recommended to all market participants to consider carefully the Opinion of the Advocate General. The Advocate General has analysed in her Opinion several important points which are worthy of detailed analysis.
a. A new definition of suspicion of money laundering
The Advocate General expressed a position that suspicion of money laundering or terrorism financing must be based on some objective material that is capable of review in order to verify compliance with AML/CDD rules1 . In other words, suspicion of money laundering is a situation where, taking into account the individual circumstances of a customer and his transactions, there are verifiable grounds showing a risk that money laundering or terrorist financing exists or will occur in relation to that customer.
b. A new scope of AML/CDD obligations
The Advocate General made an interesting observation, that, despite the application of strict AML/CDD rules, the money laundering risk is never equal to zero2 . The market participants should take into consideration the degree of such risk in each individual case. Therefore, the CDD measures should be also applied in relation to parties which themselves are bound to apply AML/CDD measures (financial institutions, insurance companies etc.)3 . In other words, if a bank (or other entity subject to AML/CDD obligations) has established business relations with another bank, the AML/CDD measures should be applied as well, despite the fact that the latter bank is also an entity subject to AML/CDD obligations.
c. An obligation to apply AML/CDD measures vis-à-vis the clients of the client
In cases where a higher risk of money laundering or terrorism financing exists, enhanced CDD measures should be applied. In such cases, the need to obtain information about the customers of the relevant party could be justified4 . Therefore, the bank could have a legitimate interest to ask its client – the insurance undertaking – to provide information for AML/CDD purposes about the final policy holders. Moreover, personal data protection rules are not an obstacle to obtaining information about the customers of its customer5 .
d. An obligation to comply with the FATF Recommendations
Before the Safe Case, market participants were required to comply only with national laws and other legal acts regulating AML/CDD matters. The Advocate General has expressed an important position that the directive should be interpreted in line with the FATF Recommendations6 . Therefore, it is recommended for market participants to verify if their internal AML/CDD policies as well as other documentation and practices are in line with the FATF Recommendations7 .
3. The Decision of the ECJ
The ECJ in principle repeated and confirmed all statements of the Advocate General. According to the position of the Court, all entities subject to AML/CDD obligations should apply a risk-based approach and take all necessary AML/CDD measures, depending on risk in the relevant situation8 .
Moreover, all entities subject to AML/CDD obligations should be able to prove that the measures applied were in fact reflective of a real risk of money laundering or terrorism financing in that particular situation9 .
II. NEW TENDENCIES OF AML/CDD AFTER THE ECJ’S CASE C- 235/14 “SAFE INTERENVIOS S.A.”
The Safe Case did not make any revolutions in the AML/CDD area. All principles and ideas in the case already existed in the FATF Recommendations. However, certain FATF Recommendations were repeated in the Safe Case. Therefore, if before that case these recommendations were not strictly binding, the Safe Case made them a compulsory rule of the EU law in the field of AML/CDD.
1. Obligation to comply with the FATF Recommendations
Before the Safe Case the market participants, financial institutions and other entities subject to AML/CDD rules were requested to comply with national legislation regarding AML/CDD issues. The FATF Recommendations were considered only as a guidance as to how certain AML/CDD related obligations should be understood. These recommendations were considered as soft-law types of rules without any mandatory application.
The Advocate General expressed an important position that the directive should be interpreted in line with the FATF Recommendations10. This position was confirmed by the ECJ11.
Therefore, the market participants, financial institutions and other entities subject to AML/CDD rules should ensure that their internal rules, policies and practices are in line with the FATF Recommendations. The non-compliance with the FATF Recommendations could be considered as a failure to comply with AML/CDD rules and even lead to the application of sanctions.
For these reasons, all entities which are subject to AML/CDD rules are advised to revise their AML/CDD internal rules, policies and practices in order to ensure the compliance with the FATF Recommendations.
2. Obligation to apply the CDD measures vis-à-vis other entities subject to AML/CDD rules
In principle, the ECJ once again approved a risk-based approach toward money laundering and terrorism financing. The entities subject to AML/CDD rules should be able to verify the degree of risk of money laundering and terrorism financing related to their business. If there is a suspicion of a higher risk enhanced measures should be applied. Measures applied should be proportional to the degree of potential risk.
Depending on the risk level, the AML/CDD measures could be applied towards the clients of an entity subject to AML/CDD rules even in cases where the client itself is such an entity. In other words, banks and other financial institutions (as well as other entities which are subject to AML/CDD rules) should be able to apply AML/CDD measures towards other banks and financial institutions (as well as other entities subject to AML/CDD rules), despite the fact that the latter is also bound by AML/CDD duties.
3. Obligation to apply the CDD measures vis-à-vis clients of the client based on a risk based approach
The Advocate General and the ECJ has expressed an important point, that the need to comply with AML rules could imply the application of CDD measures towards clients of the client. The ECJ supported that view indirectly, stating that personal data protection should not be an obstacle for data transfer for AML/CDD purposes12. On the other side, ECJ repeated the position that, in case of absence of possibility to evaluate AML/CDD related risk, the banks and other entities should take preventive measures (i.e. termination of business relationship) 13.
In other words, in certain situations where there is a verifiable risk of money laundering, there could be a legitimate interest to ask information about clients of its own client.
For example, a bank could ask another bank (i.e. a correspondent bank) to provide information for AML/CDD purposes about the final beneficiaries of the operation, even if the correspondent bank itself is subject to AML rules. In particular, the personal data protection policies should be reviewed, in order to ensure that they do not object the transfer of personal data to third persons for AML/CDD purposes.
III. IMPLICATIONS FOR ENTITIES SUBJECT TO AML/CDD OBLIGATIONS
Market participants (entities subject to AML/CDD obligations) should take into account the new tendencies of the AML/CDD rules and principles expressed in the Safe Case.
First of all, internal policies, rules and procedures should be reviewed accordingly, in order to ensure the compliance with new tendencies of AML/CDD rules. I
n addition, market participants are obliged to train periodically their staff in order that they will be able to identify and fight against money laundering and terrorism financing. The new tendencies of AML/CDD rules and principles expressed in the Safe Case should be a part of these trainings.
Last but not least, these new rules should be part of everyday practice of each market participant’s business.
1 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 81.
2 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 92.
3 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 93.
4 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 125. The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., points 107 and 109.
5 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 126. The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., point 109.
6 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 7.
7 International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation. The FATF Recommendations. The last version of recommendations was published in February 2012.
8 The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., point 72.
9 The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., point 86.
10 The Opinion of the Advocate General presented 3 September 2015 in the ECJ’s case C-235/14 Safe Interenvios S.A., point 8.
11 The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., point 3.
12 The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., point 109.
13 The decision of the ECJ of the 10 March 2016 in the case C-235/14 Safe Interenvios S.A., point 107.