KYC360: What 6AMLD Doesn’t Say About Legal Liabilities 

With only a day to go before the deadline for EU member-states to transpose the bloc’s Sixth Anti-Money Laundering Directive (6AMLD), significant questions remain unanswered about how it will be enforced on a national-level.

In an apparent response to recent banking scandals, the directive will make the “aiding and abetting” of money laundering a common offence across the bloc in an effort to deter corrupt accountants, tax advisors and financial service providers from facilitating criminal enterprises. The directive also establishes baseline criminal penalties for money laundering and harmonises the bloc’s list of predicate crimes upon which such prosecutions could hinge.

These are laudable steps that are likely welcomed by many in the compliance community, even if it remains unclear what member-state implementation will look like down the road. More concerning, or at least in need of further clarification, are the directive’s provisions on company liability and the role individuals can play in an institution’s failure to prevent money laundering.

Under Article 7 of the directive, EU members must ensure that legal persons—i.e., legally incorporated entities—can be held liable for the conversion, transfer, concealment or acquisition of property knowingly derived from, or through, criminal activity. Should a business knowingly assist a third party in disguising the origin of property obtained through criminal means, it can still be held criminally liable, under 6AMLD.

The liability extends to a legal entity even when the criminal violation is committed by an individual who is acting in order to benefit his or her employer without the consent or knowledge of the business as a whole, provided that the employee has (a) a power of representation of the legal person, (b) an authority to take decisions on behalf of the legal person, or (c) an authority to exercise control within the legal person.

Financial institutions and other firms can find themselves facing criminal liabilities for the actions of rogue employees, in other words. The directive also makes explicit the fact that invoking corporate liability doesn’t necessarily mean that natural persons—i.e., individuals—will escape criminal charges if they are deemed to be “perpetrators, inciters or accessories” to any of the offences committed by the firm.

The corporate defence in such instances would likely rely on the argument that the business had in place “adequate procedures to forestall”—a legal tack that has been seen in UK cases alleging bribery and tax evasion liabilities for corporates.

While the UK government has indicated that it will not be incorporating 6AMLD, as it believes it has equivalent or greater provisions already, it has already introduced “failure to prevent” corporate offences for bribery and tax evasion and is considering the same for economic crimes in general.

These steps have a great deal of merit to them when viewed broadly. In the abstract, everyone is likely to agree with the premise that institutions should not walk away from wilful criminal activity unscathed.

Yet the broad provisions set out by 6AMLD fail to fully address the criteria under which directors, trustees or MLROs might be open to criminal prosecution under an ambiguous transposition of the directive by EU member-states. Nor do they make clear what “knowingly” means on a corporate level, particularly for large institutions implementing a risk-based approach (RBA) to compliance, as recommended by FATF.

These lacunae will now need to be hashed out by lawmakers, supervisory bodies, law enforcement and industry itself. But the risks of such ambiguities, as they currently stand, are twofold.

Firstly, there is the risk that the potential of criminal liability will work to counteract an institution’s risk-based approach. If the governing presumption is that money laundering occurred simply because a company’s AML policies or procedures were inadequate, then the EU officials who drafted the directive, and the national bodies that transposed it, have missed something fundamental.

In reality, despite the most stringent controls, there are always cases of money laundering that creep through. To what degree an institution is expected to “knowingly” perceive such illicit activity—particularly when current regulations do not require that a bank, for example, know for certain that a suspicious transaction is linked to money laundering—remains unclear.

How should criminal investigators and financial supervisors respond to money laundering that occurred through a business or product line deemed to be low-risk under the risk-based approach, and to what degree must an individual with the authority to make decisions in the firm be aware of the illicit activity for it to rise to the level of a criminal liability for the corporate?

Secondly, whether firms are willing to admit it or not, the finger always points to compliance when there are first-line failings, as the matter invariably becomes political and parties seek to shift blame and exempt themselves.



When coupled with recent developments in which struggling FCUs now shift the burden back to an MLRO to take a commercial decision in relation to a reported suspicious transaction, the directive’s ambiguity could add to the perception that the MLRO’s position is now becoming untenable.

A lack of clarity when it comes to criminal or professional liabilities is not in the interests of either the industry or the regulator, and it isn’t going to catch any more criminals. To assure compliance professionals throughout the bloc, more needs to be said on where the explosives in the minefield lie.

Ideally, MLROs should be provided a legal consent if they have not heard back to the contrary from their respective FCU within seven business days. They should also be exempt from prosecution for corporate failings by their state or firm under the law, absent gross negligence, because their job is already hard enough.

This would provide them with the rock-solid standing to be truly independent from their firm and guarantee that their voices are listened to, because in the worst cases, the competent MLRO will not be going down with the ship; the board and the front-line will. Such safeguards would force the firm to extract data from the MLRO to remain comfortable to continue operating and ensure the MLRO is properly resourced, because the MLRO is the one that gets to turn off the lights when the muck hits the fan.

Clarifying and extending the protections that compliance work can and should afford might also help to clarify what role states have played in the failure to fight dirty money, particularly when it comes to proper resourcing.

A recent article published by KYC360 suggests that annual U.S. SAR filings have increased 1688% between 1999 and 2017, from 120,505 to 2,034,406 reports over the nearly 20-year-period. Authorities are clearly now receiving vast volumes of data and not acting on it, yet it seems firms are the ones that pay the biggest price for gaps in national AML regimes. In fact, it has been suggested that only four of 47 countries assessed showed any real enforcement of bribery-based crimes.

We all want criminals go to jail but the last thing industry needs is to foster the perception that honest and competent compliance staff could be criminally or professionally penalized for lapses beyond their command. More guidance is merited if governments and institutions want to avoid the possibility of their compliance talent scanning the job adverts for signs of greener pastures.


Stephen Platt is the author of ‘Criminal Capital’ and the Founder of KYC360


December 2, 2020 Published on KYC360


Recent Posts