Appointment of an auditor also for registered AIFMs
With the introduction of section 45a German Capital Investment Act (KAGB), registered AIFMs are now also obliged to have their annual financial statements audited for financial years beginning after 31 December 2020. The audit by the auditor also covers the implementation of the obligations under the GwG (for more information on the new audit requirement, see also here).
Implementation of an effective risk management system
As obligated parties under the GwG, AIFMs must set up an effective risk management system that includes a risk analysis and internal safeguards. This forms the core of the risk-based approach, which, as a central basic element of international and European requirements to combat money laundering and terrorist financing, serves to ensure the effective use of resources. With the anchoring in section 3a GwG, this approach is further strengthened.
Risk analysis and internal safeguards
The risk-based approach presupposes fact-based decision-making that enables a targeted response to the identified risks. Against this background, the criterion of effectiveness is also to be understood, which, according to German Federal Financial Supervisory Authority (BaFin), is fulfilled if the risk management system includes the entire business activity of the obligated party, comprehensibly takes into account the resulting risks and the safeguarding measures derived therefrom are to be considered appropriate with regard to these risks. In this respect, the risk analysis to be prepared plays a key role in dealing with the obligor’s individual risk situation. It represents the starting point of the money laundering prevention measures and aims to fully comprehend the specific risk of money laundering and terrorist financing, taking into account the customer, product and transaction-related as well as geographical risks. The Annexes to the GwG contain a non-exhaustive list of risk-increasing and risk-reducing factors. In addition, AIFMs must take into account various guidelines as well as national and sectoral risk analyses when preparing the risk analysis. Based on the results of the risk analysis, appropriate business and customer-oriented internal safeguards must be created.
Responsibility and Money Laundering Officer
The person responsible for risk management and compliance with money laundering regulations is a member of management to be appointed. In addition, AIFMs must appoint a money laundering officer and a deputy at executive level. As the central figure for the implementation of money laundering prevention measures, the money laundering officer is responsible for implementing and monitoring compliance with all relevant regulations for the prevention of money laundering and terrorist financing. The money laundering officer and his deputy must be notified to BaFin in advance.
Customer-related internal safeguards
Know Your Customer
The establishment of a new business relationship or a transaction with a value of at least 15,000 euros triggers the obligation to identify the contracting party, the person acting on behalf of the contracting party and any divergent beneficial owner as well as to determine whether the contracting party or the beneficial owner is a politically exposed person (“PEP”) or a person closely associated with him. Furthermore, the background of the business relationship must be identified and the business relationship must be continuously monitored.
Identification takes place in two steps: First, certain personal or company-related information must be collected. Then, the information collected must be validated and evaluated on the basis of certain evidence. Depending on the identified risk, general, simplified or enhanced due diligence obligations must be fulfilled, which differ in terms of the scope and depth of the measures to be taken.
The normal legal case is the identification and verification of a natural person’s details by means of an identity document presented on site. In addition, other conclusively listed proofs of identity are permissible, the validity of which the obligated party must verify in suitable procedures. BaFin Circular 3/2017 confirmed in particular the equivalence of the video identification procedure.
Beneficial owner
In addition, there is an obligation to identify any beneficial owners. It is important to note that collecting the information solely from the transparency register is not sufficient to fulfil the obligation. The new provisions of section 12 (3) GwG are accompanied by both a tightening of the previous obligations and an easing of the scope of the verification obligation. When establishing a new business relationship with a company or other legal entity, inspection of the transparency register must be carried out and proof of registration or an extract of the data accessible via the transparency register must be obtained. If the information contained in the Transparency Register corresponds to the information collected by the AIFM itself and if there are no other doubts as to the identity or position of the beneficial owner or as to the correctness of the information entered in the Transparency Register, no measures beyond the inspection of the Transparency Register need to be taken to verify the information. If discrepancies are discovered in the course of the verification of the information, a report of discrepancy shall be submitted to the entity keeping the register without delay.
Transparency Register
When dealing with the Transparency Register, particular attention must be paid to the changed legal situation regarding the notification obligation. With the amendment to the GwG that came into force on 1 August 2021, the notification fiction, according to which the fulfilment of the obligation to notify the beneficial owners to the transparency register was deemed fulfilled if the ownership and control structures could already be traced from other electronic registers (commercial, cooperative, partnership or association registers), no longer applies. Now, all legal entities mentioned in sections 20, 21 GwG are obliged to actively report their beneficial owner to the transparency register, subject to the transitional periods regulated in section 59 (8) GwG. This also results in transitional periods to be taken into account for the submission of a discrepancy report pursuant to section 59 (10) GwG.
Further internal safeguards
Background check and training of employees
The safeguards to be taken require in particular a check of the reliability of the employees. The criterion of reliability is fulfilled if the employee guarantees that he or she carefully observes the obligations under money laundering law, reports suspicious cases to the money laundering officer and neither actively nor passively participates in doubtful transactions or business relationships. The concrete design of the check must be risk-oriented for all employees who work in areas relevant to money laundering and terrorist financing or who have direct access to the business premises. In addition, employees must be informed for the first time and on an ongoing basis about the typologies and current methods of money laundering and terrorist financing as well as the relevant regulations and obligations.
Whistleblower
Furthermore, a possibility must be created for employees to confidentially report internal violations of money laundering regulations. It is up to the obligated parties to decide which internal unit is responsible for receiving the respective reports and how the confidentiality of the identity of the employees concerned is ensured.
Suspicious transaction reporting
If the AIFM becomes aware of facts that indicate that money laundering or terrorist financing may be taking place or that a beneficial owner is not being disclosed, it must immediately submit a suspicious transaction report to the German Financial Intelligence Unit (FIU) located at the Customs Criminal Investigation Office (Zollkriminalamt). It is not necessary to exceed a certain threshold of suspicion, as required, for example, in criminal procedure law. A significant change results from the new version of the money laundering offence in the Criminal Code. With the abandonment of the enumeration principle in section 261 (1) of the Criminal Code, all offences are now considered possible predicate offences to money laundering. The obligation to report exists regardless of the value of the asset.
The report must be submitted electronically via the reporting portal “goAML”. Irrespective of the submission of a suspicious transaction report, all obligated parties must register with the FIU for the electronic procedure when the new information network of the FIU goes into operation, but no later than 1 January 2024.