This Briefing summarises the key provisions of MLD4 and assesses its potential impact as the focus moves to a more risk-based approach to combating money laundering and terrorist financing. Member States must transpose MLD4 into national law by 26 June 2017.


The Third Money Laundering Directive (Directive 2005/60/EC) (MLD3) and the associated European Commission Directive 2006/70/EC on politically exposed persons (PEPs) were introduced to ensure the consistent application, by Member States, of the recommendations of the Financial Action Task Force (FATF). Following the implementation of MLD3, FATF published a further set of International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation in February 2012, which were designed to facilitate Member States taking more effective action to combat money laundering and terrorist financing, to address the laundering of the proceeds of corruption and tax crimes, and to promote a more risk-based approach. The European Commission also began a review of MLD3 in 2010, and published its report in April 2012. This report, together with the new FATF standards, led to the publication, in February 2013, of the first draft of MLD4 with the European Commission stating its aims to be:

  • to provide for a more targeted and focussed risk-based approach;
  • to clarify and reinforce the rules on customer due diligence (CDD);
  • to introduce new provisions to deal with PEPs;
  • to bring into scope all persons dealing in goods for cash payment of €7,500 or more (this threshold was increased in MLD4 to €10,000);
  • to increase coverage of the gambling sector;
  • to explicitly refer to tax crimes; and
  • to reinforce the enforcement powers of national competent authorities.

Political agreement was reached on MLD4 in December 2014. It was adopted by the EU Council in April 2015 and by the European Parliament in May 2015, following which it was published in the Official Journal.

On 5 June 2015, the revised Wire Transfer Regulation (Regulation (EU) 2015/847) was also published in the Official Journal. It sets out the minimum requirements that are essential to ensure the traceability of transfers of funds, and aims to ensure consistency of approach between Member States regarding a more targeted and risk-based approach to funds transfers.

Key provisions of MLD4

In addition to moving towards a risk-based approach to combating money laundering and terrorist financing, the following key provisions of MLD4 should be noted:

Beneficial Ownership

Member States must ensure that entities incorporated in their jurisdictions obtain and hold “adequate, accurate and current information on their beneficial ownership” which can be accessed by competent authorities and EU Financial Intelligence Units (FIUs). Member States will also be required to store that information on beneficial ownership in a central register, accessible to:

  • competent authorities and FIUs without restriction;
  • obliged entities” (i.e. those listed in Article 2(1) of MLD4 as being entities to which MLD4 applies) within the CDD framework; and
  • others that can demonstrate a legitimate interest.

The storing of beneficial ownership information on a central register will not relieve obliged entities of their CDD obligations which they will be required to continue to fulfil using a risk-based approach.


Trustees will also be required to obtain and hold information on beneficial ownership. They will be obliged to disclose their status and provide information as to beneficial ownership to obliged entities in a timely manner. That information must also be accessible to competent authorities and FIUs in a timely manner. When the trust gives rise to tax consequences, Member States must also ensure that the beneficial ownership information held by trustees is held on a central register. The storing of beneficial ownership information on a central register will not relieve obliged entities of their CDD obligations which they will be required to continue to fulfil using a risk-based approach.

Simplified due diligence (SDD)

The application of SDD measures must now be justified on the basis that the business relationship or transaction presents a lower degree of risk. The European Supervisory Authorities (the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority) (ESAs) must issue guidelines to national competent authorities by 26 June 2017 (the transposition date) on risk factors to be considered, and measures to be taken, in situations where SDD measures are appropriate.


The categories of individuals who can be regarded as PEPs has been broadened to include members of the governing bodies of political parties, and directors, deputy directors and members of the board or equivalent function of an international organisation. Domestic PEPs are also now in scope for enhanced due diligence measures.

Goods for cash payment

Goods traders making or receiving cash payments of €10,000 or more are now in scope.

Tax crimes

The definition of “criminal activity” in MLD4 now includes tax crimes relating to both direct and indirect taxes.

Gambling services

Providers of gambling services which pose higher risks must apply CDD measures for single transactions amounting to €2,000 or more (although in “proven low-risk circumstances” Member States may exempt certain gambling services from some or all of the requirements of MLD4 – casinos cannot benefit from such an exemption).

Limited/occasional financial activity exclusion

The MLD3 ability for Member States to exempt persons (legal and natural) who engage in financial activity on an occasional or very limited basis where the money laundering or terrorist financing risk is low has been clarified by providing that all of the following criteria must be met for such an exemption to apply:

  • the financial activity must be limited in absolute terms and on a transaction basis;
  • the financial activity must not be that person’s main activity and must be ancillary and directly related to that person’s main activity;
  • that person’s main activity cannot be one of those listed at Article 1(a)-(d) and (f) of MLD4 (i.e. trust or company service provider, estate agent, provider of gambling services, auditor, external accountant, tax advisor, notary or other independent legal professional); and
  • the financial activity must be provided only to the customers of that person’s main activity and not generally offered to the public.

Member States must set thresholds (including turnover thresholds) and Member States’ decisions on these exclusions must be reasoned, and notified to the European Commission.

Jurisdictions with strategic deficiencies

Third-country jurisdictions whose regimes for combating money laundering and terrorist financing are regarded as being strategically deficient will be identified and the European Commission may adopt delegated acts to identify such jurisdictions.
Bearer shares
Member States must also take steps to prevent the misuse of bearer shares and bearer share warrants.

Electronic money

Two key thresholds have changed slightly as regards the ability to apply SDD measures to electronic money:
under MLD3, the maximum amount stored electronically on the payment instrument could not exceed €150 – this has been increased to €250; and
under MLD3, if the payment instrument was reloadable it must have had a maximum annual payment transactions limit of €2,500 – this has been changed in MLD4 to €250 per month (€3,000 per year) which can be used only in the relevant Member State.


Member States are required to establish FIUs to prevent, detect and combat money laundering and terrorist financing. FIUs will receive and analyse suspicious transaction reports, disseminate information to competent authorities and seek information from obliged entities. Auditors, external accountants, tax advisors, notaries and other independent legal professionals and estate agents will be allowed to instead designate a self-regulatory body for their respective professions to receive suspicious transaction reports in place of the FIU (subject to the same carve out regarding judicial proceedings as was contained in MLD3). That body must then forward that information to the FIU. It will be interesting to see who takes the role of the FIU in Ireland.

Supervision, enforcement and cooperation

Member States must now apply a risk-based approach to supervision, and competent authorities in home and host Member States must cooperate regarding effective supervision of obliged entities.
Detailed provisions have also been included regarding sanctions, setting out the minimum articles of MLD4 in respect of which serious, repeated or systematic breaches should be sanctioned and detailing what, at a minimum, should be included in each Member States’ suite of administrative sanctions and measures (i.e. a public statement identifying the person and the nature of the breach, an order requiring the person to cease and desist from the conduct in question, a withdrawal or suspension of the authorisation of an authorised person, a temporary ban on a person discharging managerial responsibilities, and maximum administrative pecuniary sanctions of at least 200% of the amount derived from the breach (if capable of being determined) or at least €1,000,000).
Further, more punitive, administrative pecuniary sanctions are permissible in the case of credit institutions and financial institutions (at least €5,000,000 or 10% of total annual turnover in the case of a legal person, and at least €5,000,000 in the case of a natural person).

What’s next?

The ESAs must publish, through their Joint Committee, an opinion on the risks of money laundering and terrorist financing affecting the EU financial sector by 26 December 2016, and update that opinion every 2 years thereafter.

To coincide with the transposition deadline of 26 June 2017, the European Commission must publish a report setting out the risks of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, and must update that report every 2 years. The European Commission must make recommendations to Member States on how best to address the risks identified in that report.

Firms should now start considering how MLD4 might impact their business and their client onboarding arrangements in particular. Given the issues created by the late implementation of MLD3 in Ireland, it is hoped that MLD4 will be implemented in Ireland on time in June 2017 and that the AML industry guidance is updated in readiness for that date.