The European Commission Relaunches its List of Countries Regarded as High Risk for Money Laundering and Terrorist Financing

Following the rejection by EU member states of a list published in 2019, the European Commission revised its methodology for a list of third countries considered to be high risk for money laundering and terrorist financing in May 2020.

Coming up with a process to determine which countries should go on this list has not proven easy for the Commission. The first list, published in the summer of 2016, essentially replicated the countries named on a similar list created by the Financial Action Task Force (FATF), with limited information explaining the process that had been followed. The Commission was then tasked with developing a methodology that explained how countries would be identified and selected. In this next iteration a list was released by the Commission in February 2019 which was criticised by almost all EU member states as well as the US and was quickly shut down for having methodological weaknesses. And so, last month, a revised methodology appeared, describing in great detail the steps that will be followed to decide whether a foreign jurisdiction should be classified as high risk.

Consequences of Being Added to the List

The consequences of being listed for a third country can be serious: it can result in reduced or severed access to EU-based financial services. 

Under the changes made by the 5th Anti-Money Laundering Directive, the EU legislation that covers financial crime controls, customers connected to these countries must undergo additional scrutiny before any products or services can be offered to them. They must provide additional information about their occupation or business activities in the third country, identify other sources of income they may have and connections they may have to other third countries and parties who may be involved in the management of their business. They are often required to produce several months’ worth of bank statements, audit reports and financial accounts, on top of the standard due diligence information asked of all other customers.

This information must then be verified, in other words, checked against other reliable sources of information, and this scrutiny is not a one-time event. Even after the customer is accepted, the same information must be ‘refreshed’ or updated either on a ‘trigger’ basis – such as when the customer wants to access a new product or service or undertakes a transaction above a particular amount – or periodically, such as on the anniversary of the customer’s original approval.

This additional scrutiny is costly. A customer with no connection to a listed third country might be approved in a matter of days. A customer with a connection might find this same process can take weeks and, in some cases, even months. For some financial institutions, the cost of undertaking these measures may make no economic sense.

What is the Methodology?

The process for which the EU will determine a high-risk third country can be distilled to a few basic elements. If a jurisdiction has been named on the FATF list, it will also be added to the EU’s list. These jurisdictions may be asked by the Commission to take additional measures, on top of those already required by the FATF, to remedy any deficiencies seen as posing a significant threat to the EU’s financial system. The Commission can also add jurisdictions not on the FATF’s list, requiring them to undertake certain measures to rectify strategic deficiencies in their national anti-financial crime regimes.

If a jurisdiction on the FATF list fails to implement the requested top-up measures, it will remain on the EU’s list. This could be the case even after the FATF has decided that the jurisdiction has addressed the deficiencies that led it to be named on the FATF list in the first place. In the case of jurisdictions that have only been named by the EU, they will be added to the list if they refuse or fail to undertake the requested measures within a specified period.

Despite all the work undertaken to develop this methodology in response to the list’s previous outing in 2019, some critical questions remain unanswered.

Does the Solution Lie in Yet Another List?

First, why is it necessary for the EU to have its own list? After all, the EU is a member of the FATF and its member states are either also members of the FATF or one of its regional bodies. The methodology incorporates the vast majority of the elements used by the FATF when it evaluates a country’s anti-money laundering and counterterrorist financing (AML/CTF) regimes. Why is it not possible to have the EU’s countries of concern addressed through this process, as well? Unlike the approach taken by the Commission for a parallel process – the listing of third countries considered to pose a higher risk in relation to tax avoidance – the methodology does not reveal what might be the types of financial crime risks the EU might be exposed to that are not otherwise addressed as part of the evaluations conducted by the FATF.

Perhaps the answer lies in some of the common criticisms of the FATF process. The FATF process is not perfect and the EU has stated a number of times that it seeks to meet and exceed FATF standards within the EU. It is an open question, however, as to whether overlaying an additional evaluation will actually help in addressing the EU’s financial crime concerns. This list runs the risk of becoming a ‘piling-on’ exercise, a term coined by American regulators where multiple regulators and law enforcement agencies impose fines or other penalties on the same party for essentially the same misconduct. The third country list could run the risk of being perceived to be contributing limited value towards the EU’s fight against financial crime and simply be seen as process for process’s sake.

Another question lies in whether the Commission will be able to credibly persuade jurisdictions to implement the measures it recommends. The last several years have seen large financial crime cases involving European financial institutions, for which the EU has come under considerable criticism, along with the weaknesses in its own AML/CTF regime. It has formulated a plan to bolster that regime, including the introduction of a bloc-wide regulatory body, but this has yet to be proved. A recent survey has also shown that member states are still not effective at converting the detection of financial crime by businesses into meaningful investigations and prosecutions of illicit actors.

There remains a lot of work to be done by the EU itself. In May, for example, the Commission issued a formal notice to a number of Member States for having only partially transposed into national law the changes made by the 5th Anti-Money Laundering Directive.  Substantial fines have been issued to European-based banks by EU supervisory while two-thirds of all fines issued by US regulators were imposed on European financial institutions for deficiencies in their anti-money laundering processes and sanctions violations.

The revised methodology emphasises that the Commission will encourage third countries to take on board and implement the measures it proposes. Yet to ensure those words of encouragement do not fall on deaf ears, the EU must ensure that it leads by example, addressing its own weaknesses in combatting financial crime as a matter of priority. Otherwise, the intended purpose of the list will run the risk of being seen by third countries as yet another case of ‘do as I say, but not as I do’.

The EU has proposed and is in the process of designing the means by which it can improve the way it supervises and investigates financial crime in Europe. These include the creation of a pan-EU oversight body to ensure that both the supervision of EU regulated businesses and the enforcement for non-compliance with anti-money laundering regulations is more consistent. 

While it is still early days, the EU will need to show that these changes will make a meaningful difference in fighting financial crime across the region, if it is to have the chance of persuading other jurisdictions to do the same.

The views expressed in this Commentary are the author's, and do not represent those of RUSI or any other institution.