A new Grand Ducal Regulation of 5 August 2015 reduces AML customer identification measures
18 August 2015
A new Grand Ducal Regulation of 5 August 2015 reduces AML customer identification measures and means that under certain conditions professionals subject to AML obligations do not have to verify the identity of the customer and, as the case may be, of the beneficial owner in the context of the provision of certain payment services and electronic money transactions.
Published on 10 August 2015, a new Grand Ducal Regulation amends the Grand Ducal Regulation of 1 February 2010 providing details on certain provisions of the amended law of 12 November 2004 on the fight against money laundering and terrorist financing in its article 2 relating to the simplified customer due diligence.
The new Grand Ducal Regulation provides that, under certain conditions, professionals subject to the act of 12 November 2004 relating to the fight against money laundering and terrorist financing, as amended (the AML Act), may reduce the AML customer identification measures and do not need to verify the identity of the customer and, as the case may be, of the beneficial owner in the context of the provision of certain payment services and electronic money transactions.
In addition to reducing the burden of AML obligations in relation to transactions, which could be considered as representing a low risk of money laundering and terrorism financing, this new Grand Ducal Regulation removes the prevailing uncertainty about the minimum customer verification obligations incumbent upon professionals providing payment services and electronic money services, where the so-called simplified customer due diligence could apply.
The new Grand Ducal Regulation has been enacted while the directive 2015/849/EU (the 4th AML Directive) has been recently adopted. Luxembourg legislation already takes into consideration certain ‘novelty’ of the 4th AML Directive. However, further changes have to be expected in the AML legal framework in a near future in the context of the implementation of the 4th AML Directive in Luxembourg law. EU Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this 4th AML Directive by 26 June 2017.
Previous Customer Due Diligence framework
The AML Act provides for an obligation, inter alia, to:
- identify the customer (i.e. request the relevant information from the customer, such as name, surname, address, place and date of birth/denomination, legal form, registered office, etc);
- verify the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source; and
- identify, where applicable, the beneficial owner and take ‘reasonable measures’ to verify its identity so that the professional is satisfied that it knows who the beneficial owner is.
The AML Act provides for a risk-based approach principle pursuant to which professionals shall apply each of the customer due diligence measures, but may determine the extent of such measures on a risk-sensitive basis depending on the type of customer, business relationship, product or transaction (article 3(3) of the AML Act).
In this context, the AML Act further provides for three levels of customer due diligence (the DD) incumbent upon, among other professionals, payment institutions and electronic money institutions:
- Normal DD (the NDD);
- Enhanced DD (the EDD) required, notably, in situations which, by their nature, can present a high risk of money laundering or terrorist financing; and
- Simplified DD (the SDD) in order to take into account situations where the risk of money laundering or terrorist financing is low, the AML Act lists a number of situations in which the professionals may reduce the extent of identification and verification measures.
In respect of the SDD derogatory regime, while it was understood that the customer identification obligation was required as a minimum, it was uncertain how far the professionals could reduce the obligation to verify the identity of the customer (and, as the case may be, of the beneficial owner), in the absence of any specific reference to this effect in the AML Act and the CSSF Regulation 12-02 on the fight against money laundering and terrorist financing.
The Grand Ducal Regulation of 5 August 2015 solves this issue by exempting, under certain conditions, professionals from AML customer verification obligations in the context of the provision of certain payment services and electronic money transactions.
Conditional exemption from verification obligation
The new Grand Ducal Regulation of 5 August 2015 specifies cases where professionals may reduce identification measures and be exempted from verifying the identity of their customer and, if applicable, of the beneficial owner.
Basically, the reduction of AML customer identification obligations and the exemption from verifying the identity of the client (and, as the case may be, the identity of the beneficial owner) as a consequence thereof may be applicable, provided that the following conditions are met:
- the operation relates to payment services as set out under number 3 items 2 and 3, number 4 items 2 and 3, numbers 5 and 7 of the annex of the act of 10 November 2009 on payment services, as amended, namely:
- the execution of payment transactions through a payment card or a similar device;
- the execution of credit transfers (including standing orders)
- the issue or acquisition of payment instruments; and
- the execution of payment transactions where the consent of the payer to execute a payment transaction is given by means of any telecommunication, digital or IT device and the payment is made to the telecommunication, IT system or network operator, acting only as an intermediary between the payment service user and the supplier of the goods and services.
- the operation is made via accounts held by payment services providers established in an EU Member State or a country applying equivalent AML requirements;
- the operation does not exceed the unit amount of EUR250; and
- the total amount of operations made for the client in the past 12 months preceding the operation does not exceed EUR2,500.
Where payment is made with electronic money, as defined in Article 1(29) of the act of 10 November 2009 on payment services, as amended, the exemption from verifying the identity of the customer and, as the case may be, the beneficial owner, may be applicable, provided that:
- if it is not possible to recharge, the maximum amount electronically stored in the device is no more than EUR250. Concerning national payment transactions, the cap of EUR250 is increased to EUR500; or
- if it is possible to recharge, a limit of EUR2,500 is imposed on the total amount transacted in a calendar year, except when an amount of EUR1,000 or more is redeemed in that same calendar year, upon the electronic money holder’s request.
The implementation of the obligation to verify the identity of the customer (and, as the case may be, the beneficial owner) was a major source of concern for payment institutions and electronic money institutions providing services in connection with the buying and selling of goods and services on a marketplace, given the considerable constraint created by such obligation in light of the sometimes very low amount at stake. Another consequence was the reported customers’ disaffection as they were unwilling to provide relevant personal data and documents in situations where the sums at stake were rather insignificant.
This new Grand Ducal Regulation will therefore be welcomed by the professionals.
Further changes may be expected in the future with the implementation of the 4th AML Directive and any impact on these new provisions may not be excluded. As such, it may be noted that if the 4th AML Directive does not specify the measures to be taken in the context of SDD, the European Supervisory Authorities are requested to issue guidelines detailing the measures to be taken in the context of SDD by 26 June 2017.
 It should be noted that, contrary to the AML Act, the 4th AML Directive does not provide for a list of situations, triggering the possibility to apply SDD. As such, in practice, the professionals will have to determine on a risk-based approach as to whether the relevant relationship or transaction may trigger the application of simplified CDD measures.
 Including the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIAOP) and the European Securities and Market Authority (ESMA).
 Article 17 of the 4th AML Directive. The 4th AML Directive also provides for an exemption of AML obligations with respect to electronic money which does not completely mirror the provisions of the AML Act and of this new Grand Ducal Regulation.