Similar to the EU anti-money laundering directives on which it is based, the German AMLA pursues two interrelated objectives: to combat organized crime and prevent terrorist financing. In order to achieve these goals, the AMLA mandates preventive measures by professionals (companies and individuals) that are active in certain enumerated sectors, including financial institutions, insurance companies, tax advisors, and real estate agents.
The AMLA follows a risk-based approach. The higher the risk that a business relationship or individual transaction involves money laundering, the greater the obligation on the professional to take preventive measures. The preventive measures include various investigation, documentation, and notification obligations that aim to (i) identify the origin of the money or other asset used in a transaction, (ii) identify the persons who are involved in and ultimately benefit from the transaction and (iii) report suspicious transactions to the German Financial Intelligence Unit (“Zentralstelle für Finanztransaktionsuntersuchungen”).
Violations of the obligations arising from the AMLA are subject to administrative fines of up to the higher of EUR 5 million or 10% of the professional’s annual turnover.
1. Professionals Covered by the Anti-Money Laundering Act
The AMLA does not apply to everyone. The professionals and entities subject to AMLA obligations are set out in a numbered list contained in Section 2 AMLA. While the majority of the listed professionals are subject to AMLA obligations with respect to their entire professional activity (e.g., banks, tax advisors, auditors), some professionals are only subject to AMLA obligations when carrying out or assisting in specific transactions (e.g., lawyers).
The current list of professionals subject to AMLA obligations is set out in Section 2 AMLA.
2. Obligations arising from the Anti-Money Laundering Act
The AMLA does not provide for one specific set of obligations that applies equally to all professionals subject to AMLA obligations. Rather, the AMLA requires, as a matter of principle, that covered professionals set up and operate an effective risk management system to avoid money laundering and terrorist financing that is appropriate in light of the individual professional’s type and size of business (Section 4 AMLA).
The risk management system needs to consist of two elements: a risk analysis element (Section 5 AMLA) and internal safeguards (Section 6 AMLA).
a. Risk Analysis
The risk analysis, in essence, is a report on the professional’s overall risk exposure to money laundering and terrorist financing. The risk analysis needs to be documented and reviewed regularly. If necessary in light of changes in the professional’s business or its money laundering risk profile, the risk analysis needs to be updated.
The AMLA does not set forth a format for the risk analysis. In terms of substance, it requires that the lists of factors included in the AMLA as well as the contents of the German national risk assessment be considered in the risk analysis. The AMLA attaches, as Annex 1, a list of factors indicating a potentially lower risk of money laundering and terrorist financing. Annex 2 contains a list of factors indicating a potentially higher risk. The German national risk report is issued periodically by the German Federal Ministry of Finance, a report that discusses the risk factors set forth in the AMLA as well as any other developments with respect to money laundering based on empirical data.
The professional’s risk analysis needs to be made available to the professional’s supervisory authority upon request.
Under certain circumstances, the supervisory authority may allow a professional to conduct its business without documenting its risk analysis. This requires that the money laundering risks pertaining to that professional’s business are clearly identifiable and understood. Most larger and/or sophisticated businesses do not qualify for this narrow exception. Hence, the preparation and periodic update of a documented risk analysis is common and best practice in the German market.
b. Internal Safeguards
Professionals subject to AMLA obligations have to implement internal safeguards to prevent the use, or abuse, of their business for money laundering purposes. The internal safeguards are meant to create an environment in which transactions involving a risk of money laundering are identified and reported before the transaction is carried out.
Section 6 AMLA contains a non-exhaustive list of internal safeguards that a professional is expected to implement to the extent it is appropriate in light of the size and risk profile of its business:
- the preparation and implementation of internal policies including relating to (i) measures aimed to identify money laundering, (ii) customer identification, (iii) fulfilling notification requirements if a money laundering risk requiring notification is detected and (iv) the documentation of the professional’s anti-money laundering efforts;
- the appointment of an anti-money laundering officer and a deputy anti-money laundering officer; the appointment is mandatory for certain professionals pursuant to Section 7 AMLA;
- for parent companies, the development of group-wide policies;
- the introduction of measures to prevent the abuse of new products and technologies for purposes of money laundering;
- the review and verification of the reliability of the professional’s employees;
- the training of the professional’s employees in matters of money laundering prevention;external audits of the professional’s anti-money laundering safeguards.
c. Transaction-specific anti-money laundering measures
The AMLA obligations extend beyond assessing a professional’s overall risk of money laundering. Pursuant to Section 10 et seq. AMLA, the professional has to take specific preventive measures during the onboarding phase of a new business relationship or new individual transaction (e.g., the opening of a new bank account, the onboarding of a new legal client or start of a new transaction for an existing client, etc.).
Identification of customer and other involved persons
For each new business relationship and, subsequently, for each new transaction, a professional subject to AMLA obligations needs to identify its customer or co-contracting party (i.e., ask the customer or co-contracting party to identify itself) and verify the information so obtained (e.g., by checking a natural person’s ID or driver’s license or checking a company’s commercial register excerpt).
The same obligation exists with respect to the natural person acting for the customer or co-contracting party, e.g., the general manager of a company or the parent acting for a minor.
Finally, the professional needs to identify the ultimate beneficial owner of the customer or co-contracting party. Pursuant to the law, only a natural person who controls the customer or directly holds more than 25% of the shares or voting rights in the customer can qualify as ultimate beneficial owner. There are, hence, numerous types of customers and other co-contracting parties who do not have an ultimate beneficial owner within the meaning of the German AMLA, e.g., listed stock corporations.
The obligation to identify these persons exists whenever a new transaction is contemplated, it does not change depending on the risk profile of the transaction. The obligation to verify the identities of the above-mentioned persons is stronger in higher-risk situations and weaker in lower-risk scenarios. For example, in a lower-risk scenario, the identity of a registered representative of a company may be confirmed based on the information in a publicly accessible register, whereas in a higher-risk scenario, the person needs to present his or her ID or use other approved methods of identity verification set forth in the AMLA (these include ways to verify a person’s identity via video).
Due diligence regarding business relationship or transaction
In addition to identifying the persons involved, the AMLA requires for all transactions that the professional understands at least (i) what the transaction is about, (ii) whether the customer or co-contracting party is acting for itself or for a third party and (iii) whether a politically exposed person or a close relative or family member of a politically exposed person is involved in the transaction.
In a higher-risk setting, the professional is obligated to further investigate the circumstances of the new business relationship or transaction. These further obligations are detailed in Section 15 AMLA. Most notably, the professional needs to investigate the source of the funds to be used in the transaction and the source of wealth of the ultimate beneficial owner.
AMLA Annexes 1 and 2 list factors that a professional needs to consider when assessing whether a new business relationship or transaction has a lower risk, normal risk, or higher risk of money laundering. These factors are grouped into three categories: (i) customer risk, (ii) product risk, and (iii) geographical risk.
Lower risk example: If a transaction involves a customer that is a listed stock corporation (lower customer risk) registered in the EU (lower geographical risk) that wishes to issue new life insurance policies with a low insurance premium (lower product risk), the overall transaction may be classified as lower risk with the consequence that the professional may contend itself with a lesser degree of due diligence before working on the transaction.
Higher risk example: If a transaction involves a customer whose shares are held by trustees on behalf of other persons (higher customer risk) and new technologies (higher product risk) and funds are being provided by a person domiciled in a country that is known to suffer from high levels of corruption (higher geographical risk) the professional is subject to increased due diligence obligations.
The involvement of a politically exposed person and a strong relationship of the new transaction to a high-risk country, each individually, require that the entire new transaction be classified as higher risk, thereby triggering increased due diligence requirements. This is true irrespective of whether there are also factors suggesting a lower risk, or if all other aspects of the transaction appear normal. If the professional is a corporate entity, work on higher-risk transactions requires approval at the executive level.
3. Supervision of professionals pursuant to Section 50 of the AMLA
Professionals subject to AMLA obligations are subject to supervision by a number of different supervisory authorities, depending on the sector in which the professional carries out its business. These authorities conduct periodic audits to assess whether each professional complies with its AMLA obligations. The full list of competent supervisory authorities is set out in Section 50 AMLA.
The supervisory authority is not identical to the authority that a professional needs to notify when such professional identifies a concrete money laundering risk, that latter authority being the Financial Intelligence Unit (Zentralstelle für Finanztransaktionsuntersuchungen).
4. Notification obligation
A professional subject to AMLA obligations must immediately send a notification to the Financial Intelligence Unit if the professional becomes aware of facts that suggest that (i) an asset associated with a transaction is derived from a criminal offense, or (ii) an asset or transaction is associated with terrorist financing, or (iii) a customer failed to inform the professional whether it is acting for a third party.
The notification needs to be made electronically. The Financial Intelligence Unit receives notifications through a website that professionals subject to AMLA obligations need to register with.
Certain exceptions to the notification obligation apply to lawyers, certified public accountants, and tax advisors. These professionals are generally not required to file a notification unless they know that their client is using their services to commit money laundering or terrorist financing. On the other hand, the German Ministry of Finance published a regulation effective October 1, 2020 requiring this group of professionals to notify the Financial Intelligence Unit about certain real estate transactions irrespective of whether any particular fact suggests that the transaction may involve money laundering or terrorist financing. Such notification does not constitute a breach of professional secrecy.
Once the professional has notified the Financial Intelligence Unit, it must not carry out the transaction unless (i) the Financial Intelligence Unit or the State Prosecutor has allowed the transaction to go forward, or (ii) three business days have passed since the notification was sent and neither the Financial Intelligence Unit nor the State Prosecutor has prohibited the transaction, or (iii) delaying the transaction is impossible or would endanger the further investigation of potential criminal conduct.
The professional must not inform its customer of the contemplated or completed notification to the Financial Intelligence Unit. Except as expressly allowed in the AMLA, the professional is also prohibited from sharing that information with any other third party.