The following obligated entities have been brought into the scope of the new Directive:

• Virtual currency providers and custodian wallet providers;
• Art traders (when the value of transactions or series of linked transactions amount to EUR10,000 or more);
• Those who provide similar services to auditors, external accountants and tax advisors as a principal business or professional activity; and
• Estate agents who act as intermediaries in the letting of property where the monthly rent is equivalent to EUR10,000 or more.

Actions to consider

• Firms currently operating within the regulated sector may need to consider how their risk appetite for working with entities within this new regulated sector may be affected. Firms may need to consider the additional knowledge and/ or controls that may need to be put into place as a result of this change. Firms should begin to look at their control framework to ensure they give themselves sufficient time to implement any new changes.
• Firms coming into the regulated sector will need to ensure that a plan of action is created to review the adequacy of the existing control framework and that any gaps identified are addressed accordingly.

• Non-reloadable payment instruments that have a maximum monthly payment transaction limit of EUR150 and where the maximum amount stored electronically exceeds EUR150, are now subject to customer due diligence (CDD) measures. The threshold has been reduced from EUR250 to EUR150.
• Remote payment transactions that exceed EUR50  are now subject to customer due diligence measures. The threshold has been reduced from EUR100 to EUR50.

Actions to consider

• E-money Licence holders may need to review existing policies and procedures to reflect the changes in thresholds. In addition, thresholds within monitoring systems may need to be adjusted. Furthermore, in a broader context, Banks specifically may want to consider how their monitoring may need to be adjusted to reflect the new changes.

• Each member state and any international organisations accredited to it will be required to keep an up-to-date list of exact functions which qualify as prominent public functions. A single list of all prominent public functions will be assembled by the Commission and will be made public.

Actions to consider

• Firms should consider how they may use this list. Where firms are purchasing politically exposed persons (PEP) lists, they should check how their provider is using the information published to support the production of the PEP list.
• Firms should also ensure the PEP lists they maintain are kept up to date.

• Identification and verification of customers must be based on documents, data or information from a reliable and independent source. The proposed amendment now states that where available, this should also include electronic identification means that have been approved by national authorities.

Actions to consider

• Firms may need to determine the criteria for deciding on the acceptability of electronic sources and may wish to consider revising their on-boarding process to accommodate for this change. Firms should re‑consider whether they have the necessary technological infrastructure to support electronic identification and verification. For example, do firms have the right technology to enable them to conduct identification and verification electronically? Do firms have the correct infrastructure to enable them to store and extract this data electronically?

• Any member of the public can now have access to beneficial ownership information held in the register for corporate and other legal entities. Access is no longer limited to persons who can demonstrate legitimate interests.

Actions to consider

• Firms may wish to consider designing and implementing a formalised process to obtain, record and update the information required for the register. Additionally, firms will need to consider updating their policy, process and procedural documents on the applicable data privacy laws as well as the new processes of providing information to Financial Intelligence Units (FIUs).

• A new Article has been created which aims to harmonise the enhanced due diligence (EDD) measures which obligated entities across member states should apply to business relationships with high risk third countries. Currently, member states determine their own type of EDD measures that should be applied towards high risk countries.

Actions to consider

• Firms may have already captured EDD requirements under their national anti-money laundering regulation however, firms should consider whether their policies, procedures and processes need to be updated to ensure they adhere to requirements outlined in the new Directive.

• Centralised automated mechanisms, such as central registries or central electronic data retrieval systems, will allow FIUs and competent authorities to identify account holders in a timely manner.
• FIUs will now have the ability to acquire any information they need from any obliged entity, even without a previous suspicious transaction report being made.

Actions to consider

• Firms may have to consider whether the controls in place to collate, store and synthesize this information internally are sufficient to enable data to be retrieved in a timely manner.