Are you compliant with the 4th Money Laundering Directive?

The Financial Crime Compliance sphere has evolved since the transposition of the Fourth Money Laundering Directive into the UK regulatory framework on 27 June 2017.

The key topics are:

Risk based approach

  • Firms are expected to manage their compliance resources in a way which is commensurate with the risks
  • This means risk-sensitive decision-making and controls
  • Firms should evidence their assessment, identification and understanding of AML risks faced across their organisation
  • Firms should seek to arm themselves with an array of risk assessments dependent on the size and complexity of their organisation
  • The catalogue of risk assessments should include client risk, business unit/product/service, country level, and enterprise-wide assessments
  • The whitelist of “equivalent jurisdictions” has been repealed and the onus is now on firms to risk assess jurisdictions and document their methodology

Politically Exposed Persons

  • Firms must develop a differentiated and multi-factored approach to the assessment of the risks posed by politically exposed persons
  • This means firms should no longer risk-categorise PEPs solely on domestic or foreign geographical risk factors
  • Firms should form a sophisticated and holistic view of the risks associated with PEPs, such as their position in government, the nature of the business relationship and potential for it to be misused, as well as other potential conflicts, including lifestyle and wealth factors
  • The time limits to PEP de-risking have been reduced to 12 months following the PEP leaving office, albeit subject to the risk-based approach

Enhanced due diligence

  • The directive articulates scenarios for high risk situations where EDD must be applied. This validates the current approach with greater clarity and direction on high risk factors

Simplified due diligence

  • The eligibility criteria for warranting SDD have now been demystified, with examples of lower risk situations being articulated, including lists of customer types and products

Data retention

  • Client records are required to be retained for 5 years following termination of a business relationship or following the last transaction, with a special clause which permits regulatory powers to implement up to a 5-year extension period. Retention requirements have also been articulated. The key challenges revolve around data quality and lineage.

Synthetisation of data sharing and data protection rules

  • With the increasing need for international co-operation in the fight against money laundering, corruption and terrorism, firms are expected to recalibrate their data sharing and data protection policies. Firms will be expected to provide client data either internally across their group or externally with regulators and other financial institutions, should it be required to facilitate any investigation falling due for the purposes of the directive.

Fund transfer regulations (FTR)

  • The new rules have been implemented to supplement the 4th AML directive and provide greater transparency and traceability of payments. The requirements will reinforce AML controls with regard to payments and remittance services provided across the entire financial sector. The rules introduce payment scenarios and set minimum data provisions in relation to payment originators and beneficiaries. The key implementation challenge to firms will surround streamlining IT enterprise architecture and systems, as payment interfaces will need to be reconstructed to address the data field requirements. With the sheer size and complexity of the payments landscape, firms will need to ensure they interpret the requirements and meet regulatory expectations.

  • Third-party reliance requirements, outlining conditional criteria governing situations where firms may place reliance on other obliged entities for their CDD obligations, have now been solidified

How can we help?

Our Regulatory Consulting & Transformation Management teams combine highly specialised, deep-domain regulatory advisory services with experienced and proven IT and change management professionals operating across the transformation lifecycle. TGP are currently engaged in helping a European Bank conduct gap analysis between their existing AML frameworks and the legislation. TGP will then help the Bank ensure compliance with the legislation through a well-designed and well-executed change programme.

We can conduct a detailed gap analysis of how your business will be affected by the new legislation, front to back, including:

  • Advisory services to 1st and 2nd line functions
  • Workshops and elicitation
  • Policies, procedures, process development
  • Risk assessments and methodology development
  • Deployment of data analytics and data mining techniques
  • Calibration of data models and data flows
  • IT solution design and procurement
  • Project and programme management across the transformation lifecycle
  • Business analysis and requirements definition, inclusive of functional and technical requirements documentation
  • Stakeholder management
  • Location strategy assessments and change management
  • Benefits tracking and realisation management
  • Target Operating Model design and implementation
  • Business process optimisation, Lean and Six Sigma delivery
  • Migration planning and execution
  • Test strategy definition and management
  • Quality management
  • Post-implementation support
  • Project and programme assurance
  • Third-party assurance

For more information and to discuss your specific requirements, please contact Alfie White, Partner.