4th and 5th AML Directives

The European Commission’s 4th AMLD (Anti Money Laundering Directive), has now been implemented to protect against money laundering and the financing of terrorist activity.

But new amendments have already been proposed in what has become known informally as the Fifth Anti Money Laundering Directive, designed to strengthen the compliance of 4AML in light of the recent terrorist attacks in Europe and increase in virtual financing.

1. Benefit Ownership Registers

The 4th AMLD requires businesses to hold beneficial ownership records. Therefore, anyone who enjoys the benefits of ownership, even though title to the property is in another name, must be declared.

Under 5AMLD, it has been proposed that EU citizens be granted access to these registers without having to demonstrate “legitimate interest”, to improve transparency about the ownership of companies and trusts.

2. Virtual Currencies

The definition of “obliged entities” required to practice due diligence in 4th AMLD included financial institutions, accountants, tax advisors, and other tangible groups. 5th AMLD brings virtual currency platforms and wallet providers into the scope of the directive, responding to the huge growth in the use of virtual currencies and Fintech in general.

3. Prepaid cards

5AMLD proposes that the anonymous transaction limit on prepaid cards be reduced to €50, with higher value transactions requiring full identification of card holders.

4. Broader Information Sharing

Wading through red tape and administrative hurdles means that Financial Intelligence Units can find it hard to access crucial information quickly. Delays like this can prevent critical action being taken in the case of money laundering or terrorist activity. The latest proposals suggest that Member States must create an automated and centralised system or a central register, giving full unrestricted and efficient access to any information which could assist them.

5. Enhanced Due Diligence

Under 4AMLD, firms must carry out checks on their customers identities by completing basic company searches and/or checking ID to protect against corruption. 5AMLD proposes an improvement on checks for high risk third world countries, who many not have adequate AML strategies in place.


These changes are due to be discussed within EU parliament in October 2017 and timing of the proposed changes will be dependent on an agreement being reached.

Don’t gamble with your operating licence

The Gambling Commission has recently unveiled their new strategy to enforce stronger penalties for operators who do not adequately guard against money laundering, problem gamblers or who fail to provide a fair and adequate service. Sarah Harrison, the Commissions Chief Executive, has said they would take “tough action” against any operators who do not comply with the latest changes which are designed to put the customer first and increase social responsibility. This comes in the wake of the news that some major gambling operators faced large voluntary settlements for failing to protect against money laundering and problem gambling, and others who offered unfair sign up promotions.

Key Changes

License holders both inside and outside Great Britain will be required to continuously monitor money laundering risks and keep up to date assessments, whilst actively managing risks with appropriate procedures.

Advertisements must not be placed on websites which infringe on copyright laws (for example torrent sites), and operators are required to ensure that any affiliates or third parties working on their behalf also comply.

There will be tighter controls on the placement and use of gaming machines including ensuring adequate supervision and distinctions between the use of gaming machines in different types of licensed gambling premises.

License holders will be expected to ensure that bets are not in breach of any rules from sporting or other governing bodies and must void any bets which don’t comply. Employers will require employees to report any indicators of suspicious or irregular betting and prevent employees from using information to their own advantage.

Operators will be forced to comply with consumer law, particularly with reference to sign up offers, some of which have been accused of being misleading, with complicated terms and conditions which prevent customers from withdrawing winnings.

Sarah Harrison has made it quite clear that operators will be held on a tight leash from now on. “The gambling industry should be under no illusion that if they don’t comply with consumer law, we will see this as a breach of their operating licence, and take decisive action,” she said.

Ongoing checks for responsible gambling

Problem gambling costs the UK up to £1.2bn a year, according to a recent report commissioned by charity GambleAware. Up to 1.1% of the adult population are believed to have a gambling problem, with added strain being placed on the social welfare system.

The Gambling Commission have three objectives the operators are expected to follow; crime should be kept out of gambling, it should be conducted in a fair and open way, children and other vulnerable people should be protected from harm or exploitation from gambling. In order to ensure that these objectives are met, operators are required to make identity checks on customers as part of their social responsibility and Anti Money Laundering (AML) requirements.

Operators who fail to make the necessary checks are putting their license, and their business, at risk.

Problem gambling can result in a downward spiral that has far reaching consequences. Operators upholding their social responsibilities can help weed out customers who are using gambling as a money laundering device, for instance those that are in receipt of state benefits yet who seem to have a lot of disposable income to spend on gambling.

There have been a number of suggestions to restrict benefits claimants from spending their benefits on gambling and other vices, including the idea that benefits be paid onto a card which can only be used in certain places.

However, there are currently no restrictions on how benefits can be spent. And those who are in receipt of benefits may be considered more vulnerable to the effects of gambling than those in other areas of society.

ID checks for customers isn’t a choice, it is a legal requirement. Operators must be able to demonstrate that they have ensured that all customers are old enough, have not self-excluded (a register of people who have decided that they wish to stop gambling and wish to be supported in their decision to stop) or are not involved in illegal activity.

There are a number of anti-money laundering and fraud protection solutions available for operators who wish to protect themselves and their licenses from the threat of crime and fraud.

The impact of GDPR on KYC

GDPR (General Data Protection Regulation) comes into effect in May 2018, over 200 pages of EU data privacy regulations which will affect how companies manage, process and delete data.

Under GDPR, banks and other organisations who carry out identity checks and hold sensitive information about customers will have to be completely transparent about what happens to that data after it has been used.

Adequate KYC procedures can be powerful AML and risk management tools but the introduction of GDPR will have further consequences on the way businesses manage their customer data.

Data protection has always been a high priority for the financial sector, but the impact of GDPR will be widely felt. A recent YouGov survey found that only 29% of businesses have begun to prepare for GDPR, with 71% of respondents admitting to being unaware of the fines they might face if found in breach of the new rules.

The two main effects on KYC will be:

Increased security requirements for KYC data

Under GDPR financial institutions will have to be stringent in their control in the storage of data. Many companies are still not careful enough; employees may be inadvertently storing data in the public cloud, inexperienced managers allowing unsecured BYOD’s (Bring Your Own Device) and staff taking work and sensitive data home.

Information security protocols will need to be defined in each area of the business, and upheld within third party organisations, to ensure that the requirements of GDPR are fully met.

Increased use of automation

Data sensitivity has become so much more difficult in the digital age. Where a single photocopied passport might have been easy to keep track of, the amount of digital data and the simplicity with which it can be shared creates a heavy burden on those who hold it. Automating onboarding, monitoring and data enrichment processes will be required to manage the requirements of GDPR. And, while investment in technology developments in the data protection sphere continue to grow, so too does the investment in criminals in finding ways to penetrate it. 

What is 'Due Diligence'

Due diligence is the investigation of a potential investment or individual to confirm that all facts, financial records, adverse media or anything else that may be relevant are present before making a commitment to any business relationship.  Typically, a business that is in the process of acquisition would be the subject of reputational due diligence to ensure that the buyers interests and brand name are protected from any damage later caused by undisclosed financial issues or information that had been withheld.

Consider the following scenario:

A multinational telecoms company begins the process of the acquisition of a smaller business.  As part of the due diligence investigation, it is discovered that the Managing Director of this business had not only been found guilty of sending millions of spam emails to unsuspecting customers whilst running another, now dissolved company, but that they were also under investigation for various bad selling practices.

With full knowledge of these facts, the multinational company reviews their options:

  • Walk away from the acquisition entirely, having avoided a minefield of potential problems.
  • Negotiate new terms of the acquisition in the light of this information, and cautiously proceed with the acquisition.
  • Continue with the buyout as planned, under the provision that the Managing Director steps away from the business in a controlled manner.

A thorough Due Diligence investigation can save your company time and money, not to mention protecting you from potential future problems caused by undisclosed company information.

Here at Security Watchdog we have an experienced Due Diligence team dedicated to making sure you only deal with companies with integrity.  

Social Media Vetting: The Truth

In recent months, there has been a flood of comments on the use of social media as a part of vetting prior to employment, with many expressing concerns about privacy, ethics, and the potential for discrimination against various social groups.  It should be made clear that the online stalking of either current employees or potential candidates prior to even being interviewed is not an appropriate use of this valuable tool, and is not only irresponsible but in some cases, could be illegal - Indeed, provisions are already being recommended for inclusion in the forthcoming data protection overhaul, the GDPR, to counter this practice.

There are more benefits to the responsible use of social media vetting than many individuals may realise or like to admit – responsible in this case being defined as being controlled, impartial, performed at an appropriate time within the on-boarding process (for example, once a position has been offered and accepted, subject to further checks) and with a sensible approach to the date of publication of any content, and the candidates age at the time the content was published – it would be unfair to penalise any individual for content posted years before their current employment application, or when they were only sixteen years old.

A robust, compliant and responsibly managed social media vetting program can protect both the employer from bad hires that prove costly from a time investment and financial perspective, and current employees from being exposed to antisocial or irresponsible bad hires that diminish morale and personal security.  A good social media vetting system will also contain an impartial human element that can differentiate between the use of sarcasm, humour and potentially adverse content, and will also be able to take the context of the information into account, allowing an informed yet real world approach to be adopted.

Your Social Media CV

In a world where more and more information is freely shared on the internet by individuals, it is no longer realistic to think that content posted online will remain private.  It is wise to consider your online footprint as an extension of your CV, only far more useful as a means of presenting an accurate representation of yourself to others - including potential employers.  Whereas a CV is often a dry, fact based document that is undeniably essential to your career, your online presence is the perfect way to express who you are and what your ideals may be, selling your personality to prospective employers in a way that no CV can.

Remember, in an already competitive job market, any chance that you have to highlight your strengths should be taken, and a good social media profile should go hand in hand with your CV to present the best view of you that is possible.

Finally, if you feel that the importance of your social media presence is being overstated, consider that a recent survey found that more than 40% of employers had hired candidates because of the content found on their social media.