EU tightens money laundering regulation to ensure compliance with financial sanctions

In May 2024, the European Union adopted a far-reaching reform of money laundering law. In addition to the prevention of money laundering and terrorist financing, the European legislator's amendment also addresses the issue of financial sanctions for the first time. Obligated parties must fulfil the new requirements by July 2027. Find out how this can be achieved here.

The Act on the Tracing of Profits from Serious Crime ("Money Laundering Act" for short) regulates measures that obligated companies must take to prevent money laundering and terrorist financing. Obligated companies include, for example, financial institutions, real estate agents, gambling providers and goods traders.

The current Money Laundering Act does not address compliance with financial sanctions. The relevant regulations can be found primarily in the Foreign Trade and Payments Act (AWG) and in the legal ordinances issued on this basis. Due to the different regulatory circles, the responsibilities for preventing money laundering and terrorist financing on the one hand and complying with sanction regulations on the other have often been separated in companies to date.

The Money Laundering Regulation now addresses specific sanction law requirements for the first time. According to its recitals, obliged entities play a central role as gatekeepers of the economic and financial system. They must therefore take measures to minimise risks arising from the non-implementation or circumvention of targeted financial sanctions.

This includes restrictive measures against third countries, non-state entities and individuals imposed by the Council of the European Union under the Common Foreign and Security Policy. For example, the Council can order the freezing of assets or stipulate that assets may not be made available to certain entities. It should be noted that not only the direct provision of assets is prohibited, but also actions to circumvent such prohibitions ("indirect provision").

Closer integration of the anti-money laundering organisation and sanctions compliance in companies is desirable in order to be able to manage compliance with financial sanctions and money laundering prevention from a single department. Ideally, this dovetailing should go beyond purely organisational measures such as merging responsibilities or changing reporting lines.

Companies have already taken measures in the past to prevent them from entering into or continuing unauthorised business relationships with sanctioned countries, organisations or individuals. To this end, they have implemented guidelines, processes and (manual) controls. In the financial sector in particular, technical precautions for the automated comparison of business partners and transactions with relevant sanctions lists are also common.

The Money Laundering Ordinance takes a holistic perspective with the aim of minimising risks arising from the non-implementation or circumvention of sanctions. To this end, the legislator has added a sanctions-specific component to the following obligations under money laundering law. Companies are obliged to

• carry out a company-wide risk analysis,
• create internal strategies, procedures and controls,
• set up a compliance function and
• audit customers and beneficial owners.

Existing measures must be reviewed and supplemented accordingly. If these requirements are already being met by another organisational unit, synergy effects can be generated by combining responsibilities.

There are also new specific obligations in relation to customers who are subject to United Nations financial sanctions. Obligated companies must keep records of funds and other assets that they manage for these clients. This also applies to transactions initiated by or carried out for these customers. The measures are limited to the period between the publication of the sanctions listing and the date of its application.

In addition to the purely technical and procedural changes, obligated parties also face fundamental challenges at the macro level:

The new requirements will apply from 10 July 2027 and the implementation effort involved will vary depending on the maturity of the existing compliance management system and the interdependence of its sub-areas.

If no specific structures have yet been established for monitoring sanction regulations, the foundations must now be laid in the form of a framework guideline. Processes are also required for the ongoing review of the business partner portfolio, including corresponding control measures and escalation channels. If structures are already in place, these must be harmonised with the existing responsibilities, processes and measures for the prevention of money laundering and terrorist financing. In any case, companies should review their existing compliance management to ensure that they can adequately assess and effectively manage sanction risks.

The experts at KPMG will be happy to answer any questions you may have about money laundering prevention and sanctions compliance.