In the past decade, governments, businesses, and organizations worldwide have increasingly fought against money laundering and terrorist financing. Despite progress, these threats persist and evolve.
The article provides an overview of some of the most drastic events of the past ten years and regulatory developments in the EU, particularly in Luxembourg, and an outlook on future regulatory developments and perspectives regarding the fight against financial crime.
Multiple revelations (so-called leaks), scandals, and other incidents related to financial crime have had significant economic, legal, and social repercussions, demonstrating a lack of transparency and ethical behavior.
Despite some of these events being relegated to the background due to numerous developments, it is crucial to revisit the events, to better understand the regulatory changes in the past decade.
February 2014 |
Crimea annexation In February and March 2014, Russia annexed the Crimean Peninsula. This event was globally recognized as a violation of Ukraine’s sovereignty and territorial integrity. In response, the EU and other jurisdictions implemented sanctions and restrictive measures aimed at economically and politically pressuring Russia. Highly analytical restrictions fell on financial stakeholders with very limited guidance at the time. |
November 2014 |
Luxembourg Leaks Luxembourg Leaks exposed the tax arrangements made between global companies and the Luxembourg government to optimize tax liability for these companies. The whistleblower of the relevant tax documents was charged and found guilty. In February 2023, the European Court of Human Rights ruled in favor of whistleblowers’ protection. This is considered by many as “year zero” of whistleblowing definition and protection framework. The EU Directive 2019/1937 and the Luxembourg bill 7945 are rooted there. |
April 2016 |
Panama Papers The disclosure of approximately 11.5 million confidential documents by the Panamanian law firm Mossack Fonseca, which specialized in the set-up of offshore companies, revealed various financial dealings of politicians, businessmen and celebrities. It also disclosed extensive use of offshore companies to conceal ownership and control structures. |
November 2017 |
Paradise Papers |
October 2021 |
Pandora Papers |
February 2022 |
Russian invasion |
December 2022 |
Qatargate |
During the last ten years, many other events, such as the Danske Bank scandal, the Russian Laundromat, the CumEx/CumCum files, the Wirecard scandal, or the Berlin clan real estate scandal, occurred in the area of financial crime, triggering regulatory attention and activity. The mentioned events are (in)directly related to the following topics:
In the EU, a stable system, created by five successive EU AML/CTF Directives for combating ML/TF, has emerged over the last few decades.
The first AML/CTF Directive was adopted in 1991 to address ML/TF threats to single markets and has since been revised several times to align with FATF standards. Each new EU AML/CTF Directive aims to close gaps — either by expanding scope and/or by introducing targeted measures to detect and prevent new ML/TF practices.
The latest and 5th EU AML/CTF Directive extends its scope beyond the financial sector to include parties, like lawyers, notaries, auditors, real estate agents, luxury goods dealers and all gambling services. The tightened measures concern among others:
However, an EU Directive can only be effective if it is properly and fully implemented by EU Member States at their national level.
How has Luxembourg enforced AML/CTF regulations over the past decade? In Luxembourg, the basis for combating ML/TF was created by the law of 12 November 2004 (the Luxembourg AML/CTF Law), which aimed to implement the 2nd EU AML/CTF Directive.
To comply with international standards and recommendations, both the legislation around ML/TF and the Luxembourg AML/CTF Law have been continuously amended; most recently in 2022. This continuous improvement reflects efforts to adapt to changing circumstances and address the following topics:
Other laws, as well as Grand-Ducal or CSSF ordinances and circulars, supplement the Luxembourg AML/CTF Law. The ordinances and the CSSF circulars provide detailed guidance for individual sectors of Luxembourg’s financial industry.
Another cornerstone of the ML/TF fight in Luxembourg is CSSF Regulation 12-02, updated in August 2020, which addresses (among others) investment fund managers and their business activities.
Investment fund managers must apply risk-based due diligence to the assets in which an investment fund invests and which are tangentially held by various counterparties. The EU is unique in not focusing exclusively on the client/investor side and addressing the associated ML/TF risks, but other countries are expected to follow suit and adopt similar legislation.
The law of 13 January 2019, which regulates the establishment of a central registry of beneficial owners of legal entities domiciled in Luxembourg, implemented its 4th EU AML/CTF Directive to improve transparency and traceability of beneficial owners. This measure is indirectly related to some of the events listed above (like Panama Papers), which revealed the need for greater transparency regarding ownership and control structures.
The register was publicly accessible until the European Court of Justice (ECJ) ruled on 22 November 2022 that the fifth EU AML/CTF Directive was invalid for its provision to publicize the information on beneficial owners.
This has temporarily blocked public access to the register in Luxembourg (and other EU countries) until December 2022, and it is now only accessible to professionals with an appropriate authorization to retrieve the data. The EU must revise its EU AML/CTF Directive to ensure the protection of the privacy of beneficial owners. These developments complicate the fight against corruption, money laundering, terrorist financing and the enforcement of sanctions in the EU.
According to statistics, employees are the most frequent whistleblowers of professional fraud incidents, highlighting the need to establish a framework to protect them, as demonstrated by the Luxembourg Leaks. The EU Whistleblower Directive, published on 23 October 2019, aimed to address this issue. However, Luxembourg, among other EU countries failed to meet the deadline for national transposition, which was set for 17 December 2021, due to concerns about the draft’s superfluous content like insufficient protection of civil servants, ambiguity regarding imposition of sanctions and data privacy. After the revised draft was resubmitted to the State Council on 23 March 2023, the respective Law was finally published in the Official Memorial on 17 May 2023.
In Luxembourg, the law of 19 December 2020 establishes the framework for implementing restrictive measures in financial matters, including those imposed by the UN and EU, such as those regarding Russia. The CSSF prioritizes timely elaboration of relevant processes and screening tools, as assessed during on-site inspections. However, the recent tightening of Russia’s sanctions has emphasized the need for financial institutions to adapt further to changing legal and geopolitical conditions.
The law of 23 December 2016 was enacted to prevent tax crime. This led, among others, to the expansion of the list of predicate offenses for money laundering, which includes aggravated tax evasion ("fraude fiscale aggravée") and tax evasion ("escroquerie fiscale"). Simple tax fraud, on the other hand, is subject only to administrative sanctions. All three concepts are clearly defined and distinguished from each other in the law.
In addition, the CSSF published Circular 17/650, supplemented by Circular 20/744, listing the indicators of possible tax crime for the banking and investment fund industry. Both the consideration of tax crime as a money laundering offense in accordance with the requirements of the 4th EU AML/CTF Directive and especially the integration of this issue in terms of combating ML/TF by means of detailed regulatory provisions for the financial industry, highlight Luxembourg’s far-sighted position.
The mutual evaluation of Luxembourg by the FATF in November 2022, as part of the 4th evaluation round, is another key event to mention, alongside the increasing regulatory requirements compared to the 2010 evaluation report. The plenary discussion related to the visit is scheduled for June 2023. Until then, the outcome of the FATF evaluation and related measures for Luxembourg remain to be seen.
In July 2021, the European Commission presented a package of four legislative proposals to strengthen the EU AML/CTF framework.
In March 2023, the EU adopted three pieces of draft legislation on provisions of the EU AML/CTF package that consists of:
1. the EU "single rulebook" regulation with provisions on:
2. The 6th EU AML/CTF Directive with provisions on:
3. The regulation establishing the AMLA, a supervisory authority responsible for monitoring risks and threats within and outside the EU and directly supervising specific credit and financial institutions based on their risk level. AMLA can require companies and individuals to provide information, conduct on-site visits with judicial authorization, and impose sanctions.
The EU aims to extend the agency's competence, allowing it to create lists of high-risk non-EU countries and granting AMLA the authority to mediate between national financial supervisors. It also wants AMLA to settle disputes, supervise and investigate the national implementation of the single AML rulebook, monitor the supervisors in the non-financial sector and receive whistleblower complaints. The EU plans to implement AMLA in 2024.
The three draft legislations mentioned are ready for negotiation with the European Parliament after being confirmed during April’s plenary session.
The 4th legislative proposals, endorsed by the Council in October 2022, is to revise 2015’s Regulation on Transfers of Funds to include transfers of crypto-assets. The proposal was debated in European Parliament on 19 April 2023 and approved on 20 April 2023, in conjunction with the Markets in Crypto-assets regulation (MiCA).
Money laundering and terrorist financing are fundamental cross-border problems. To combating them effectively, Luxembourg aims to be a leading example in the fight against organized crime.
As this article highlights, financial crime intentions and practices and regulatory requirements are both constantly evolving. However, the velocity at which these developments proceed is different. Regulatory developments are often corrective actions that try to cure existing criminal practices.
In addition, EU Directives might be transposed into national legislation with interpretation and local markets specificities, creating potential gaps, inconsistencies, and loopholes for criminals to exploit. Therefore, instead of EU Directives and as already foreseen in the upcoming EU legislative AML/CTF package, EU regulations for combating ML/TF should be issued to have an immediate binding character for all EU member states.
It remains exciting to see how the EU’s fight against financial crime will develop and whether current plans can be implemented smoothly and promptly to promote sustainable economic growth.