AML Practical Guidance for Financial Services in Europe: Making The Most of The 4AMLD

September 16, 2016 by Joe Bloemendaal

Until recently, market regulators and supervisory bodies in the European Union would require financial institutions to verify the identity of their customers in person, or to ask them to send their original ID documents to their premises for authentication.

But the new regulation not only accepts that electronic means of ID verification are as valid and trustworthy as in-person identity verification, but stresses the advantages of electronic ID documents authentication for account opening, record keeping, and high-value transactions monitoring. 

In its response to the European Commission Green Paper: Retail Financial Services, the British Financial Conduct Authority’s stresses that “As a regulator we expect banks to maintain high standards for identity verification of new customers, and any adoption by banks of digital identity services must meet high governance standards in order to present a possible solution to these challenges. We recommend more end-to-end testing and further analysis of the practicalities and potential benefits of using digital ID compared to current practices, in terms of improved ID verification and reduced fraud.”

In a similar vein, the latest Anti-Money Laundering Directive passed by the European Commission, and the directive’s amend (commonly known as 4.1 AMLD), makes the point for electronic means of identity verification, arguing that the technology currently available will help financial institutions to comply with the EU’s efforts to combat money laundering and the financing of terrorism.

Mitek has put together a quick reference guide covering the most recent AML and KYC regulatory developments in Europe. Download this free guide to be better prepared to turn the new regulation’s to your advantage.

What are the main challenges the 4.1 AMLD poses for financial institutions?

For banks and financial institutions in Europe, the success of digital onboarding is going to be very much linked to the adoption of cost-effective ways of enrollment that not only tick all the AML and KYC compliance boxes but also ensure a pleasant, secure and instant user experience.

Aimed to further step up the fight against the financing of terrorism, the European Commission amended the 4AMLD in July, focusing on five specific points:

  1. Enhanced due diligence requirements regarding high-risk third countries. The immediate impact for financial services is that once the directive was enforced, there would be fewer scenarios where SDD (Simplified Due Diligence) was acceptable. Likewise, the situations where CDD (Customer Due Diligence) needs to be conducted again would multiply exponentially, as all the institutions affected will be in the need of reviewing their definition of high risk – to be aligned with the expanded definition provided within the new directive -, wherein enhanced due diligence is necessary (including remote transactions).
  2. Amplified definition and obligations regarding politically exposed persons (PEPS) and their families. Stronger KYC Controls Required. The 4AMLD asks for a more focused approach to business partner and customer due diligence controls, including the documentation and implementation of enhanced due diligence measures for higher risk countries, sectors, products and customers within the policies and procedures. Under the 4AMLD, the definition of a politically exposed person (PEP) has been revised and extended to include citizens holding prominent positions in their home country such as politicians, the judiciary and senior members of the armed services as well as those of overseas countries. Now, parents, spouses (or equivalent partners), children and their spouses or partners are also to be treated as being PEPs.
  3. Expanded reach to cover more types of organizations, including fintech companies such as virtual currency wallet providers and exchangers. This amend is understood to be very much in line with the latest financial crimes where the use of Bitcoin for money laundering was suspected to have grown dramatically.
  4. E-money products will be specifically regulated under MLD4 for the first time. Countries can discretionarily apply some exceptions and allow some exclusions to this regulation as long as certain conditions are met. These include restrictions that the payment instrument, such as a pre-paid card, cannot hold more than €250, cannot enable more than €250 in monthly transactions, is used solely to purchase goods or services, and cannot be funded anonymously. Similarly, virtual currency exchange platforms are now included and must go through the same level of scrutiny than traditional financial institutions.  
  5. KYC thresholds have been lowered, forcing every institution to review their own threshold limits based upon their risk assessment criteria and allowing for a balanced risk-convenience mix. For example, for eMoney operators, there are now lifetime limits, as opposed to annual limits. Threshold limits that were previously set at €2500 are now at €250. If lifetime limits are passed, the KYC threshold drops to €150.
  6. The access of Financial Intelligence Units (FIUs) to – and exchange of – information to strengthen FIU powers and cooperation. From January, 2017 onwards, FIUs will be allowed to access to centralized bank and payment account registers or electronic data retrieval systems.
  7. Sanctions have been updated and it is now mandatory for EU countries to impose these sanctions on firms and individuals who don’t comply with the Money Laundering Directive. The maximum fine has been set at least twice the amount of the benefit derived from the breach or at least €1 million. Breaches committed by credit or financial institutions (legal persons) will cost at least €5 million or 10% of total annual turnover, while natural persons involved with these breaches will be penalized with a maximum fine of at least €5 million.


Even if the 4.1.AMLD adds some pressure on financial services to comply with its new and more extensive requirements in a shorter period of time – the amended directive brings the start date forward, from June, 2017 to January, 2017 – it also lends a helping hand as it encourages banks, prepaid card operators, virtual/digital currency processors, exchanges and wallets to embrace the digitalization of traditionally cumbersome processes such as identity verification, ownership validation, and extensive background checking.