6AMLD: What to Know About the Sixth EU Anti-Money Laundering Directive

To combat financial crime, the European Union has equipped itself with a state-of-the-art legislative arsenal. This has culminated in the Sixth EU Anti-Money Laundering Directive (6AMLD), formally known as EU Directive 2018/1673. This regulation is not only an update of previous ones, but also responds to the recent and complex threats facing the financial system.

Between 2012 and 2018, EU banks paid more than $16 billion in fines related to money laundering, a clear sign that existing regulations were not a sufficient deterrent.

The 6AMLD came into force on December 3, 2020, with a deadline for implementation by companies of June 3, 2021. Designed to close the legal loopholes and gaps that criminals had exploited for years, it establishes a strict criminal liability regime with severe penalties. This article provides an analysis of the sixth anti-money laundering directive, breaking down its legal framework, key developments, the crimes it covers, and how organizations can navigate this complex regulatory landscape with the help of advanced technological solutions.

What Does 6AMLD Mean in the European Regulatory Context?

The 6AMLD represents a crucial step in the evolution of the European Union's regulatory framework in the fight against money laundering. Its main objective is to harmonize the definition of predicate offenses of money laundering, strengthening the legal basis for sanctioning both individuals and legal entities.

6AMLD expands the range of behaviors classified as crimes, including the facilitation of money laundering, and adds new categories such as cybercrime and influence peddling, which were not uniformly classified in member countries.

Likewise, the 6AMLD (or AML6) strengthens the tools for judicial cooperation and investigations, facilitating more agile processes between European authorities.

Legal Framework of 6AMLD: Harmonization of Money Laundering Offenses

Prior to 6AMLD, the lack of a common definition for predicate offenses created a fragmented legal landscape. Criminals could commit tax fraud in one member state and launder the proceeds in another where laws were more lax, greatly complicating investigations. The 6AMLD addresses this problem by establishing a binding list of criminal activities whose monetization is considered money laundering throughout the EU.

The directive specifies 22 crimes that must be criminalized by all member states as a basis for the crime of money laundering. This list is exhaustive and ranges from traditional crimes to emerging threats.

Some examples we mention are:

• Organized and Serious Crime: Terrorism, trafficking in human beings, narcotics or weapons, sexual exploitation, kidnapping, or piracy.
• Financial Crimes: Corruption, fraud, counterfeiting of currency, or insider trading.
• New Threats: Counterfeiting of products, environmental crimes, and cybercrime.

The explicit inclusion of cybercrime and environmental crime as predicate offenses is one of the most significant innovations of 6AMLD. This expansion requires regulated entities to look beyond traditional financial red flags.

Key Developments in 6AMLD and Their Impact on Businesses. Differences From AML5 and AML4

Broadly speaking, there are four new developments:

1. Expanded Scope of Application: Criminalization of "complicity" to prosecute facilitators.

The new directive expands to include any person who knowingly aids, incites, attempts, or is an accomplice in the commission of the crime. This concept, known as "aiding and abetting," targets those who facilitate money laundering.  

2. Expanded Criminal Liability: The end of impunity for legal entities.

The most revolutionary change. For the first time, companies and other legal entities can be held criminally liable for money laundering offenses committed for their benefit by employees or managers. Liability may arise from direct action or from a "lack of supervision or control" that made the offense possible. It is now up to the company to demonstrate that it had robust internal controls in place to actively prevent financial crime.  

3. Tougher Penalties: Raising the stakes with more severe punishments.

The 6AMLD seeks to ensure that penalties have a real deterrent effect. To this end, it significantly toughens the penalties: from four years' imprisonment for individuals to massive fines of up to €5 million for legal entities.

4. Enhanced Cooperation: addressing double criminality and cross-border investigations.

It addresses the problem of "double criminality" by requiring cooperation even when the predicate offense is not defined in the same way in all the jurisdictions involved. In addition, it provides criteria for deciding where prosecution should take place, considering factors such as the country of the victim, the nationality of the perpetrator, and the place where the offense was committed, ensuring a coordinated and seamless response.

AML4 laid the structural foundations for the regulations and consolidated a focus on identifying beneficial owners.

AML5 expanded the focus on new instruments for committing fraud in areas such as cryptocurrencies.

6AMLD, as we have mentioned, focuses on cooperation and criminal liability, as well as harmonizing crimes across member states.

How to Comply With 6AMLD Thanks to KYC and AML Solutions?

The complexity and severity of 6AMLD make manual and reactive approaches to compliance insufficient and dangerous. The directive itself recognizes the need to leverage technology for effective implementation. Modern compliance requires a proactive, automated, and risk-based approach that not only detects suspicious activity but also generates an irrefutable audit trail.  

Manually managing Customer Due Diligence (CDD), monitoring transactions against 22 predicate offenses, and mitigating corporate liability risk is a huge and error-prone task. Automation through RegTech (regulatory technology) platforms is the only way to ensure consistent, scalable, and defensible  compliance.  

A robust compliance program aligned with the sixth anti-money laundering directive must be built on three fundamental technological pillars:

1. Robust Customer Due Diligence (CDD): This involves not only verifying a customer's identity at the time of onboarding, but also understanding and monitoring their risk profile throughout the business relationship.  
2. Advanced Identity Verification (KYC/KYB): The identity of natural persons (Know Your Customer) and the legitimacy and structure of legal entities (Know Your Business) must be reliably verified to prevent criminals from accessing the system from the outset. 
3. Continuous Risk Assessment and Transaction Monitoring: Compliance is not a one-time event. It requires constant monitoring of transactions for suspicious patterns and continuous screening of customers against sanctions lists, PEPs, and adverse news.

Technology Partners for Comprehensive 6AMLD Compliance

In this new and demanding environment, having a specialized technology partner is crucial. Trusted service providers and RegTech partners offer an ecosystem of solutions specifically designed to address the challenges of 6AMLD.  

For example, the Tecalis Identity and Tecalis Sign platforms directly address the CDD requirements of 6AMLD, providing the tools for secure, automated identity verification and secure signing of financial contracts.

• Biometrics, Liveness Detection, OCR, and NFC: Use a set of advanced technologies to ensure that the person performing the onboarding is who they say they are and that their documents are authentic. Facial biometrics are compared with the photo on the document, preventing identity fraud. Optical Character Recognition automatically extracts data from the document without errors, while NFC technology can read chips in passports and identity documents. These measures are a direct defense against fraud and cybercrime.
• Automated KYC/KYB Workflows: Automate the entire onboarding process, from document capture to verification. This not only speeds up the process and improves the customer experience, but also ensures consistent application of compliance policies. Each step is recorded, creating an audit trail that serves as evidence. Tecalis Identity KYB is specifically designed to verify corporate documents, meeting one of the core requirements of AML regulations.

Tecalis Sign protects your company from the legal consequences of 6AMLD. Its value goes far beyond simply signing a document.

• Legal Validity and eIDAS Compliance: It offers multiple types of electronic signatures (simple, with OTP, biometric, and certified), all of which comply with the EU's eIDAS regulation. This guarantees the full legal validity of all signed contracts and agreements.  
• The Critical Role of Immutable Audit Reports: Every interaction within a Tecalis Sign signature process—from sending the document, opening it, viewing it, to the final signature—is recorded with a timestamp and stored in an immutable audit report. This document can be admissible expert evidence in legal proceedings.
• Automation of Secure Contracting: The platform allows you to create templates and workflows to automate the entire contracting process. This ensures that each contract follows a standardized procedure in accordance with company policies. 

In the context of 6AMLD, a tool like Tecalis Sign is transformed. It ceases to be a solution for improving operational efficiency and becomes a strategic legal defense asset. The Tecalis Sign audit report provides a definitive and objective response. It demonstrates, with reliable evidence, that a robust and compliant process was followed for a specific transaction. Therefore, the investment in such a platform is no longer measured by the time saved, but by its ability to build an evidentiary shield that can protect the company from million-dollar fines.

Types of Crimes in AML6: Updated Classification

For compliance teams to act effectively, it is vital to understand how some of the key predicate offenses manifest themselves in practice and how monitoring systems need to be adapted.

• Cybercrime: Activities such as phishing, hacking, or digital fraud. Transaction monitoring systems must be able to identify patterns associated with this crime. For example, flows of funds from multiple unknown sources converging on a single account and being withdrawn quickly, often via cryptocurrencies, may be an indicator of ransomware collection.  
• Tax Crimes: Tax evasion or avoidance to conceal assets. Harmonization to include direct and indirect taxes means that financial institutions must be alert to more complex evasion schemes. This could include the use of cross-border corporate structures to hide income or commit VAT fraud.  
• Corruption and Fraud: The detection of these crimes depends largely on robust and continuous screening of Politically Exposed Persons (PEPs) and adverse news. An effective compliance system must be able to alert in real time if a customer or one of their counterparties appears in news related to investigations into bribery, corruption, or large-scale fraud, allowing for an immediate reassessment of their risk profile.

Criminal Liability of Legal Entities and Individuals

The 6AMLD establishes a clear and unambiguous liability framework, where both individuals and organizations must be held accountable for their actions and omissions.

For natural persons: 

The directive reiterates that criminal liability extends beyond the actual perpetrator of the money laundering. Any individual who aids, abets, or facilitates the commission of the crime is equally guilty. This means that employees who collaborate in the concealment of illicit funds may face prison sentences of up to four years.  

For legal entities:

A company may be held criminally liable under two main conditions:

1. If a money laundering offense is committed for its benefit by a person in a management position.
2. If the commission of the crime was made possible due to a lack of supervision or control by one of these persons in a management position.  

This second point is crucial. The absence of a robust compliance program, lack of staff training, or lack of adequate technology for supervision can be interpreted as a "lack of control" that opens the door to criminal liability for the company, with fines of up to millions of euros or a direct ban on activity.

Tags