Anti-Money Laundering Newsletter - November 2021 | Legislation and publications of official bodies
Non-face-to-face identification procedure for transmission of account information on the Iberpay (SNCE) platform may continue to be used if certain additional measures are implemented
On September 28, de 2021, Sepblac (Enforcement Service of the Anti-Money Laundering and Monetary Infringements Commission) issued a new information notice on the non-face-to-face identification procedure at Sociedad Española de Sistemas de Pago S.A, (Iberpay), known as the “account ownership confirmation request procedure between institutions”. The notice mentions an earlier notice, issued on May 13, 2021, reporting that the Iberpay procedure, which was required since May 22, 2015, would cease to be applicable on September 30, 2021.
The notice published in September states that, temporarily, until Iberpay creates a new procedure and it is authorized by Sepblac, this procedure will continue to be authorized for non-face-to-face customer identification where additional measures are used to verify that the person participating in that remote identification procedure is the owner of the account that is the target of the identification system.
One of the additional measures for this verification, as mentioned in the notice, is the chance to send to the account at another institution (the target of this identification system) “a transfer of a very small amount which includes in the description a randomly created alphanumeric code that cannot be made known by any other means to the person participating in the remote identification process”. This person will enter their electronic banking service at the other institution and include the supplied alphanumeric code in the registration process. Additionally, the process has to meet specific requirements: “maximum number of attempts, limited validity period for the code and chance to make one request only for another transfer to be sent with the alphanumeric code”.
Obliged entities must record these additional measures in writing which must be sent for approval by their internal control body, although Sepblac’s specific prior approval is not needed.
The non-face-to-face identification systems set out in the Regulations for Law 10/2010 to date are the following:
a) The customer must be identity proofed under the applicable legislation on electronic signatures.
b) The customer must be identity proofed using a copy of their identity document, which must be issued by a public authenticating official.
c) The first payment must come from an account in the customer’s name opened at an institution domiciled in Spain, in the European Union or in equivalent third countries.
d) The customer must be identity proofed using other secure identification procedures in non-face-to-face transactions, provided that those procedures have first been authorized by Sepblac.
Sepblac has used its given powers to authorize the following secure non-face-to-face identification procedures:
- 2015: Information exchange system on the Iberpay platform. Until September 30 it allowed a customer to be identified if they had opened an account at a credit institution that was a member of Iberpay. The customer’s identification information was transmitted on this platform. On or after that date, it can be used if additional measures are used alongside it.
- 2016: Non-face-to-face identification procedure using videoconferencing.
- 2017: Non-face-to-face identification procedure using video identification.
Bearing in mind that the non-face-to-face identification procedure currently in place at Sociedad Española de Sistemas de Pago S.A (Iberpay) requires additional measures; the identification system involving the sending of a first transfer to the account intended to be opened, from a European bank at which the client being validated holds an account has been kept as the most efficient non-face-to-face identification system.
Another recently published document that needs to be considered is Order ETD/465/2021, of May 6, 2021, on remote video identification methods for issuing qualified electronic certificates, under the rules on trusted electronic services in the eIDAs Regulation, and implementing article 7.2 of Law 6/2020, of November 11, 2020, on certain aspects of trusted electronic services.
It would seem that the remote identification requirements laid down for anyone applying for an electronic certificate will be accepted for non-face-to-face customer identification, because one of the options allowed by the legislation is that “customers must be identity proofed under the applicable legislation on electronic signatures”.
Now in force: Organic Law 6/2021 broadening definition of money laundering offender
After coming into force on April 29, Organic Law 6/2021, of April 28, 2021 has reformed articles 301 and 302 of the Criminal Code, on money laundering offenses.
Its purpose is to write into Spanish law Directive (EU) 2018/1673, enacted jointly by the European Parliament and the Council, which makes a technical enhancement by broadening the definition of a money laundering offender, to encompass all cases and include an aggravating circumstance which will allow the sentence to be increased where the laundered property comes from certain types of offenses.
Organic Law 6/2021 has introduced, among other amendments, a new aggravating circumstance in article 302.1 of the Criminal Code, consisting of cases where the money laundering offense has been committed in the exercise of its professional activities by an obliged entity under the anti-money laundering legislation, namely Law 10/2010, the Spanish Anti-Money Laundering and Counter-Terrorist Financing Law. The rule is as follows: “A sentence in the second half of the range of severity levels shall be imposed on persons who are obliged entities under the anti-money laundering and counter-terrorist financing legislation and engage in any of the types of conduct described in article 301 of the Criminal Code (LA LEY 3996/1995) in the exercise of their professional activity”.
For further information, see here.
Sepblac deems it good practice for payment institutions and electronic money institutions to issue their own IBANs
On August 5, 2021, Sepblac issued a statement in which it deems it good practice for payment institutions and electronic money institutions, where they decide to provide specific IBANs for each customer, to issue their own numbers, and not to use third parties’ numbers, usually issued by credit institutions.
The IBAN for an account is a basic element for customer identification and for the correct functioning of payment systems. For that reason, the generalized use of third parties’ numbers may affect the fulfillment of anti-money laundering and counter-terrorist financing obligations so, in this notice, Sepblac provides conduct guidelines which have been consulted with the Bank of Spain.
In view of the difficulties that payment institutions and electronic money institutions have for accessing payment systems - exceptionally and only in the case of institutions having an establishment in Spain that choose to operate in the way mentioned in this statement while they manage access with their own IBAN to retail payment systems - a number of guidelines are provided, including: (i) identification of end customers at the start of transactions, so that the credit institution issuing the IBAN has the identification particulars of the customer of the payment institution or electronic money institution that is going to use it; (ii) periodical updating of customer information using an automated system between both institutions that will allow changes to their particulars to be notified and; (iii) recording of information on movements made by end users of the IBAN which will be recorded in the account at the credit institution and in the account at the payment institution or electronic money institution.
Lastly, the credit institutions issuing an IBAN will have to file a statement of information with the Centralized Banking Account Register (FTF), in which they will have to identify as owner of the account the payment institution or electronic money institution adopting the decision, and as beneficial owners, the end customers of the payment institution or electronic money institution, who are beneficiaries of the payment services that these institutions provide to them.
European Court of Auditors finds that EU efforts to fight money laundering in the banking sector are fragmentary and their implementation, insufficient
In its Special Report 13/2021, the European Court of Auditors found that the European Union’s current measures in the fight against money laundering and terrorist financing in the banking sector are fragmentary and their implementation, insufficient.
The Court of Auditors based its opinion on deficiencies in coordination between EU institutions for the adoption of prevention measures after a risk has been identified. It found the system to be lacking in that there is still no single supervisor in the European Union and that powers are distributed among several EU bodies, which means that coordination is not uniform across the member states.
For all of those reasons, the Court of Auditors has made a number of recommendations in its reports, including (i) that the Commission should improve on the risk assessments that it currently makes; (ii) in addition to guaranteeing that the effect of the current anti-money laundering and counter-terrorist financing legislation is immediate and; (iii) lastly, the European Banking Authority and the Commission should make better use of their powers relating to the infringements that are committed in this area.
Registrars and European Public Prosecutor’s Office sign anti-money laundering cooperation agreement
The Spanish Registrars’ Association and the European Public Prosecutor’s Office have signed a cooperation agreement allowing the European Public Prosecutor’s Office to request information on the beneficial owners of companies entered at commercial registries in Spain.
This information, provided by the commercial registry, will be accessible to the Public Prosecutor's Office in the form of a digital certificate recognized by CORPME, for 24 hours a day, on the web service.
Under this agreement, the commercial registry makes available to the European Public Prosecutor’s Office the Beneficial Ownership Register, which contains complete information, updated at least once a year, on the beneficial ownership of registered commercial companies.
It should be remembered that the information in the beneficial ownership file, managed by the commercial registry, is available for any obliged entities that sign an access agreement with that body.
Sepblac and the CNMV agree to review several institutions contemplated in inspection programs
The CNMV’s annual report on securities markets and steps in 2020 states that under the rules on cooperation between Sepblac and CNMV in relation to anti-money laundering matters, the two institutions agreed in 2020 to carry out a review program for seven institutions among those contemplated in the audit programs.
The annual report states also that in relation to earlier years, Sepblac received the conclusions based on the scheduled work program regarding the degree of fulfillment of the anti-money laundering obligations relating to six investment services companies and seven companies managing collective investment vehicles.
Sepblac received relevant information in relation to the anti-money laundering incidents identified in the review in the auditor's reports drawn up by the institutions themselves.
Contact