Komunikim- Shtypi

Amendments to the Law on Prevention of Money Laundering and Financing of Terrorism

Following the recommendations of the Financial Action Task Force and aiming to approximate the national legislation with the EU Directives, the Albanian Parliament adopted amendments to Law no. 9917 dated 19 May 2008 on Prevention of Money Laundering and Financing of Terrorism (“the amendments”) on 17 June 2019. The amendments will be effective from 25 July 2019. Below you may find a summary of most important changes.

Statutory auditors, chartered accountants and notaries are added to the list of entities/professions which are obliged to comply with the legal requirements for all types of transactions performed for/engaged by a client. Currently, such entities/professions are considered obliged entities only for a limited number of transactions, i.e. transfer of real estate, transfer of shares, establishment of joint-stock companies, administration of bank accounts and parts of capital used for establishment of companies and assistance in legal arrangements.

Obligation to identify the decision making and management bodies

In the framework of due diligence measures, upon entry into force of the amendments, the obliged entities shall be responsible to identify the individual/s who take part in decision making and management bodies of their clients. For the legal arrangements, these obligations shall cover the identification of the settler, beneficiary, trustee or the person having factual control over such legal arrangements.

Simplified customer due diligence

Obliged entities might apply simplified due diligence measures to their clients only where low risk for money laundering and/or terrorism financing is identified based on the risk assessments of law enforcement authorities as well as upon risk assessment and management procedures performed by obliged entities.

When assessing the risks of money laundering and terrorist financing relating to types of clients, geographic areas, and particular products, services, transactions or delivery channels, the obliged entities shall take into account at least the factors of potentially lower risk situations set out in Annex II of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 .

Changes to identification data

The father’s name is excluded from the list of personal data required and kept by the obliged entities for client’s or its representatives’ identification purposes. On the other hand, the citizenship and personal number are added to the list.

In addition, for identification purposes of private non-for profit entities, the obliged entities must require the identification data of their clients’ legal representatives (such as trusts or other similar arrangements) and persons holding management/decision making positions.

Concerning the legal arrangements, the obliged entities must register and keep identification data for the settler, beneficiaries, trustee or person having factual control.

Acceptance of electronically signed documents

In addition to original or certified documents, the obliged entities will accept and extract the necessary data from electronically signed documents submitted by the client. Electronically signed documents will serve as evidencing documents and will be accepted by the obliged entities only if issued and signed electronically in compliance with the legislation on electronic documents and electronic signature.

Reliance on third parties for due diligence measures

Banks, other financial institutions, life insurance companies, and asset management companies may rely on third parties to perform the due diligence measures provided that the criteria set out below are met:

• Relying upon a third party must be able to immediately obtain the necessary information concerning the elements of due diligence measures
• Adequate steps must be taken to satisfy themselves that copies of identification data and other relevant documentation relating to the due diligence requirements will be made available without delay by the third party upon request of the obliged entity itself or relevant authorities
• They must satisfy themselves that the third party is regulated, supervised or monitored for, has an internal control structure responsible for controlling compliance with these obligations and has measures in place for compliance with due diligence measures and record-keeping requirements in line with the provisions of the Law.

Notwithstanding the above, the obliged entity relying upon a third party shall remain responsible should the third party not fulfil the obligations set out in the Law.

Extended deadline for data, information and documentation storage

The term for data storage of information and documentation acquired under the Law requirements has been extended from five to ten years. Thus the obliged entities must store the documents collected in the course of due diligence and enhanced diligence measures, data on accounts, transactions, correspondence with the client as well as the results of the analysis performed for a period of ten years from the date of relationship termination, closing of account or occasional transaction.

Temporary freeze due to international obligations

Under the amendments, the obliged entities must immediately and directly enforce the temporary freeze of actions, intermediation, transaction, remittance, financial or other related services, funds and other assets. The freeze must take place immediately upon the decision of the UN Security Council, international organizations or treaties on financial sanctions against the persons listed therein is communicated to the obliged entity.

Risk assessment and identification

The internal regulations/instructions of the obliged entities must among others include and provide for a risk policy covering the risks which they are exposed to during the provision of services, geographical location and distribution channel mechanisms.

Furthermore, the obliged entities must identify, assess and understand their risk of money laundering and terrorism financing (for the clients, countries or geographical areas, products, services, transactions or delivery channels). In application of these obligations, the obliged entities are required to:

• Document their risk assessment
• Consider all risk factors before determining the general risk level, type and level of mitigation measures
• Consider the national risk assessments, sector assessments and other similar data as well as recommendations from responsible authority and/or supervisory authorities
• Keep the assessments up-to-date
• Establish the appropriate mechanisms to provide risk assessment information to responsible authorities, supervisory authorities and other authorities established by the law.

Establishment of internal reporting channels

In proportion to the nature and size of business, the obliged entities must implement appropriate procedures for their employees by virtue of which they may report breaches within the obliged entity through a specific, independent and anonymous channel.

The term granted to the responsible authority for reviewing the administrative contravention has been extended from two to five years.

Should you have any inquiries or need assistance, we would be glad to be of help.

Burimi: KPMG Legal News