Anti-Financial Crime & Financial Crime Compliance
Leadership | Insight | Network

Analysis & Opinion, Compliance News, EU/Europe, North America

SPECIAL REPORT: America’s new AML law, how it is likely to conflict with Europe’s data protection rules and what needs to be done to fix the issues

By <strong>Sylvie Matherat</strong> for AMLi
By Sylvie Matherat for AMLi

Supervisory Board Member at My Money Bank. Former Chief Regulatory Officer at Deutsche Bank Group

THE NEW anti-money laundering law which has just been passed in the US ( AMLA) is the most significant reform since the Patriot Act of 2001. It requires more transparency, tries to introduce some simplification regarding filing processes – but also brings challenges in terms of international cooperation. Of course it should also lead to more AML enforcement.

Regarding transparency, the search for an ultimate beneficial owner will be reinforced in order to prevent the use of shell companies. FINCEN will establish a non-public beneficial ownership register from which it will be able to disclose information to financial institutions helping them to enhance their Customer Due Diligence (CDD) processes.  The text also logically expands requirements to new risk channels such as virtual currencies

The most expected improvements are likely to be the long-awaited clarification of public sector expectations along with simplification in terms of filing processes. Here the new act seems to recognize a risk-based approach as financial institutions will have to establish “ reasonably designed risk-based programs” which should match national priorities determined by the US Treasury.

Moreover, a review of thresholds for SAR (Suspicious Activity reporting) and CTR (currency transaction reporting) is foreseen and non-complex filings should be streamlined.

‘As a matter of fact, GDPR forbids what the US AMLA requires. In such a situation what should an international bank do? Provide the information required to the US and breach the EU law or refuse to give this information and breach the US law?’

But more than that, the international aspects of the text are very important to note.

First AMLA will allow financial institutions to share SARs with their affiliates outside the US with the exception of entities located in Russia or China. This measure is a great improvement to help international financial groups to fight terrorism and money laundering as it will begin to allow a consolidated approach in that field. Obstacles to information sharing so far have been hugely detrimental to AML controls efficiency.

Second, AMLA provides the Department of Justice (DOJ) with the authority to access accounts from a bank that has a correspondent account in the US even if those accounts are held outside the US.

This gives de facto an extraterritorial impact to this text which is not only an issue in itself but also increases the likelihood of a conflict of law with the EU.

Indeed, as a matter of fact, the EU act on data protection (GDPR for General Data Protection Regulation) forbids what the US AMLA requires.

In such a situation what should an international bank do? Provide the information required to the US and breach the EU law or refuse to give this information and breach the US law?

‘Friction already exists between that regulation and the former US framework but the new text will make the problem more acute.’

Given that neither the US nor the EU recognizes the other’s legislation as a legitimate reason for non-compliance this scenario is likely to occur.

It must be noted that this contradiction already exists within the EU as the 4th AML Directive (4AMLD) requires financial institutions to share some data with foreign regulatory bodies while GDPR forbids it or rather limits cross border transfers of personal data to countries deemed to have the same level of protection than in Europe, which is not the case for the US.

Therefore friction already exists between that regulation and the former US framework but the new text will make the problem more acute.

‘Given that no international regulator seems to consider themselves in charge at this stage it may be an issue for the Financial Stability Board, which has the merit to combine both US and EU representatives.’

How to deal with such a situation?

In order to avoid financial institutions acting in good faith to be trapped, more guidance is certainly needed; as a matter of fact even if GDPR allows for data sharing in case of a “legal obligation”, the way to interpret it is key. In addition, even if the GDPR lists derogations under which such transfers can be made, they all imply lengthy processes.

Given that no international regulator seems to consider themselves in charge at this stage it may be an issue for the Financial Stability Board, which has the merit to combine both US and EU representatives.

Such an international forum could provide guidance to ensure that data protection is not used as an excuse to escape information sharing on criminal activities and networks.

Guidance will certainly be welcomed not only by international banks which will have some principles to rely on but also by lawyers and courts as, even if those principles will not be legally binding, they will shade some clarity on what should be good practices in this field.


ABOUT THE AUTHOR:

Sylvie Matherat began her career in 1987 in banking supervision at the Commission Bancaire (ACPR – Banque de France). In 2007, she took over as Head of Financial Stability at the Banque de France before being appointed Deputy Director General-Operations in 2011.  Very active internationally, she represented France from 2006 to 2014 on the Basel Committee, where she chaired several sub committees and participated in the development of Bale 3. In 2014 she joined the Deutsche Bank Group as Global Head of Government & Regulatory Affairs and then the Group’s Executive Board in 2015 as Chief Regulatory Officer until 2019. She was also a member of the Executive Board of DB USA and a member of the Supervisory Board of DWS. In 2016, she was elected Vice Chair of the Global Financial Markets Association (GFMA) and became its Chair in 2018. From November 2019 to June 2020, she participates for the European Commission in the High Level Forum on CMU (Capital Market Union) on the future of European financial markets. In December 2020, she joined the Supervisory Board of My Money Bank (Cerberus). 

Share this on:

Follow us on:

AML Intelligence
We hope you enjoyed reading this article

If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!