Inability to meet customer due diligence requirements under the AMLR

This post is part 9 in our in-depth review of the EU’s AMLR and focuses on the consequences where an obliged entity cannot meet the customer due diligence requirements under Article 21. The topic also links to the internal prerequisites addressed in our fifth post on staff competence as part of risk management. The Regulation assumes that obliged entities ensure relevant personnel complete AML training to the extent required to identify risks, carry out customer due diligence and take correct decisions under Article 21.

Morling Consulting supports clients across Europe with professional AML advice to help interpret and implement the Regulation’s requirements, with a focus on legally robust, consistent and proportionate compliance.

Customer due diligence as a cornerstone of the AMLR

The requirement to apply customer due diligence measures is one of the cornerstones of the EU framework to prevent money laundering and terrorist financing. Under the Regulation, these requirements are directly applicable and more harmonised across the Union. The aim is to reduce differences in national application and strengthen collective resilience against financial crime.

Article 21 specifically governs the situation where an obliged entity cannot meet the customer due diligence requirements under Article 20(1). The provision is central because it clearly confirms that customer due diligence is a legal prerequisite for business relationships that must be complied with. Without adequate customer due diligence, there is no lawful basis to execute transactions or maintain business relationships.

AMLR Article 21 – Inability to comply with customer due diligence measures

Under Article 21(1), an obliged entity must refrain from carrying out a transaction or entering into a business relationship where the customer due diligence measures cannot be fulfilled. If the business relationship is already established, it must also be terminated. The obliged entity must further consider reporting a suspicious transaction to the Financial Intelligence Unit (FIU) in accordance with Article 69. The link between insufficient customer due diligence and suspicion of money laundering or terrorist financing is clear: if an entity cannot identify the customer, understand the purpose of the relationship or establish the beneficial owner, that in itself indicates elevated risk that prevents doing business with that customer.

Article 21(1) also includes important clarifications to avoid disproportionate outcomes. Terminating a business relationship must not prevent receipt of funds due to the obliged entity. This is intended to address situations where transactions have already been initiated. Where the obliged entity is required to safeguard customers’ assets, termination must not be treated as requiring the customer to dispose of their assets. For life insurance contracts, Article 21 provides a more flexible approach. Instead of immediate termination, obliged entities may refrain from carrying out transactions on the customer’s behalf, including payments to beneficiaries, until the customer due diligence requirements are met.

Article 21(2) sets out an important exemption for notaries, lawyers, other independent legal professionals, auditors, external auditors and tax advisers when they assess a client’s legal position or defend or represent the client in, or concerning, legal proceedings. At the same time, the exemption is clearly limited. It does not apply where these actors participate in predicate offences to money laundering, money laundering or terrorist financing, provide legal advice for such purposes, or know that the client is seeking advice for that purpose. Knowledge or purpose may be inferred from objective and factual circumstances.

Under Article 21(3), there is a documentation requirement: obliged entities must document the measures taken to meet the customer due diligence requirements. This includes recording decisions, relevant supporting documentation and the reasons underlying those decisions. The documentation requirement also applies where an obliged entity refuses to enter into a business relationship, terminates an existing business relationship or applies alternative measures. The documentation must subsequently be kept up to date each time customer due diligence measures are reviewed under Article 26. The provision underscores the importance of traceability and internal control, both for supervisory purposes and for the obliged entity’s own risk management.

Finally, Article 21(4) provides that AMLA, together with the European Banking Authority, must issue joint guidelines by 10 July 2027 on which measures credit institutions and financial institutions may take to ensure compliance with the rules to combat money laundering and terrorist financing, including business relationships affected by so-called de-risking practices.

Training, staff controls and screening as practical prerequisites

Although Article 21 formally regulates external measures vis-à-vis customers, compliance is highly dependent on internal structures. Gaps in training, insufficient staff controls and inadequate screening increase the risk that customer due diligence measures are not applied correctly or consistently. AML training should be recurring and tailored to different roles within the organisation. Employees working close to customers need to understand when and why a business relationship must be terminated under Article 21.

What Article 21 means for obliged entities when customer due diligence is not achieved

Article 21 of the AMLR clearly demonstrates that customer due diligence is an absolute prerequisite for business relationships within the regulated scope. Inability to meet the requirements has immediate legal consequences. This entails a clear requirement for organisations to ensure sufficient competence, clear allocation of responsibilities and effective control mechanisms.

Morling Consulting helps clients across Europe with interpreting and implementing the requirements of the EU’s AMLR, including through advanced AML training, reviews of internal procedures and professional AML advice tailored to the business’s risk profile.