The partial reform of the Finnish Act on Preventing Money Laundering and Terrorist Financing (AML Act), which has been in the works since January 2022, was adopted by the Parliament in late March 2023 with the majority of its provisions slated to enter into force on 31 March 2023.
The amendments introduced in the reform address the shortcomings of the Finnish legislative framework, which were identified during the evaluation the Financial Action Task Force (FATF) conducted on Finland in 2019, as well as the deficiencies observed by the European Commission in the implementation of existing European AML directives. In addition, the opinions of Finnish authorities and the private sector were taken into account in the preparation of the reform.
The key amendments introduced by the partial reform relate to the following:
- definitions and scope of application
- customer due diligence (CDD) requirements
- measures to ensure compliance with EU sanctions and targeted asset freezes
- supervision and administrative sanctions.
Definitions and scope of application
The definition of what constitutes a suspicious transaction is now included in the AML Act. The notion covers all unusual transactions of a specific customer whose purpose the obliged entity has not been able to identify. The explanatory memorandum of the government proposal further clarifies that the notion of a suspicious transaction covers suspicions of both money laundering and terrorist financing. The provisions of the Act are aligned with the new definition.
The amended definition of a politically exposed person now also covers members of the administrative, management, and supervisory bodies of partially state-owned enterprises instead of just those serving on the corresponding bodies of wholly-state owned enterprises. Furthermore, the definition covers persons who hold similar positions in foreign state-owned enterprises.
With regard to auditors, the AML Act’s scope of application has been expanded to cover all activities of an auditor when those activities fall within the scope of Finnish Auditing Act. Formerly, the AML Act applied to auditors only when they were carrying out a statutory audit defined in the Auditing Act. In addition, auditors are now required to comply with the AML Act when auditing public administration entities and public finances.
Customer due diligence measures
The revised AML Act introduces amendments to the requirements regarding enhanced customer due diligence (CDD) measures that must be undertaken when a person is no longer entrusted with a prominent public function or when they are otherwise no longer considered a politically exposed person. These new amendments reflect a more risk-based approach as obliged entities are required to take into account the risks related to the specific person during a period of no less than 12 months and to apply appropriate risk-based measures during that period.
The AML Act also requires for enhanced CDD measures to be applied based on a risk assessment not only when a customer or a transaction presents a greater risk of money laundering or terrorist financing but also when such risks are identified in connection with the other activities carried out by the obliged entity. This means that enhanced CDD measures may be applied, for example, in connection with correspondent banking relationships.
Compliance with EU sanctions regulations and targeted asset freezes
A completely new set of provisions introduced in the revised AML Act require for obliged entities to set CDD measures as well as internal policies, procedures, and controls to ensure compliance with any sanctions regulations adopted in the EU. The new requirements cover, first of all, financial sanctions targeted at designated persons and entities.
It is important to note that, in addition to targeted financial sanctions, the obligations also encompass all economic sanctions imposed by virtue of the EU’s sanctions regulations. This aspect of the new provisions is of particular importance in the current context of wide-ranging EU sanctions against Russia entailing broad economic and financial restrictions.
All obliged entities are required to set up sanctions compliance measures. Obliged entities are exposed to different levels of sanctions risks depending on the services provided and the volume and cross-border scope of their activities. Therefore, the measures that are undertaken to ensure compliance with sanctions may, and should, reflect the risks related to the specific obliged entity and its business model.
Failure in setting up adequate sanctions compliance procedures may result in administrative sanctions imposed by the supervisory authorities. This is the first time the possibility to impose administrative penalties when enforcing sanctions has been introduced in Finland as available penalties have previously been limited to criminal sanctions.
The new AML Act clarifies the rules regarding the imposition of administrative sanctions in the wake of executed corporate transactions. If a business is transferred to an obliged entity as the result of an acquisition or other corporate transaction after an infringement or omission has occurred within that business, administrative sanctions may be imposed on the said obliged entity to which the business has been transferred. The purpose of this provision is to ensure that administrative sanctions cannot be evaded by executing a corporate transaction.
In addition, the reform introduces amendments to the method of calculating the amount of penalty payment imposed on credit and financial institutions. Pursuant to the amended provision, the penalty payment will be calculated on the basis of the turnover of the year preceding the imposition of the penalty payment.
The impact of the reform
The new provisions require for financial institutions and other business operators that fall within the scope of application of the AML Act to align their customer due diligence (CDD) procedures as well as their internal policies, procedures, and controls with the new requirements. Any internal guidelines and IT systems used in CDD may need to be updated.
The increased emphasis on the risk-based approach will also require close cooperation between private sector entities and the authorities in order to ensure that the requirements and the extent of the provisions are properly understood. This is particularly important with regard to the new provisions on sanctions compliance.
Although the majority of the provisions are already in force, further guidance and instructions are required. The Finnish Financial Supervisory Authority has stated that it will publish the updated regulations and compliance guidelines for the AML Act as soon as possible.