Risk-based customer due diligence under the AMLR – enhanced measures, beneficial ownership and cross-border relationships

In this thirteenth instalment of our blog series on the EU’s AMLR, we focus on Articles 34–36, which govern when and how enhanced customer due diligence measures must be applied. The provisions build on the customer due diligence framework discussed in earlier parts of the series.

For businesses required to apply customer due diligence measures, it is important to collect information on, among other things, UBOs and ownership and control structures and the customer’s identity. There are also situations where additional enhanced customer due diligence requirements apply, for example in relation to transactions and business involving certain geographic risks. Readers who wish to explore this further are referred to Part 11 of our series, which addresses the management of money laundering and terrorist financing risks linked to third countries.

In this section, the interaction between risk assessment and enhanced customer due diligence measures is central. For senior management and boards of obliged entities, this highlights the need for strategic AML risk management advice, where Morling Consulting supports operators with specialist legal expertise.

Article 34 AMLR – Scope of application for enhanced customer due diligence

Article 34 is the core provision of the AMLR’s regulation of enhanced customer due diligence. It clarifies both when such measures are mandatory and which concrete steps obliged entities are expected to take to address and mitigate money laundering and terrorist financing risks. Under Article 34(1), enhanced measures must be applied in all situations covered by Articles 29–31 on third-country risks, Articles 36–46, and in other cases where obliged entities, within the framework of their risk-based assessment under Article 20(2), identify a higher risk.

Article 34(2) introduces an express requirement to conduct a deeper analysis of certain transactions. Obliged entities must examine the origin and destination of the funds involved in transactions that are complex, unusually large, lack a clear economic or lawful purpose, or display unusual patterns, as well as the purpose of those transactions.

When conducting the risk assessment, obliged entities must, under Article 34(3), take into account at least the potentially higher-risk factors listed in Annex III and AMLA’s guidelines under Article 32. Obliged entities must also consider any other indicators of higher risk, including intelligence from financial intelligence units and the outcome of the business-wide risk assessment.

Article 34(4) specifies which enhanced customer due diligence measures may be relevant in higher-risk cases. These must be applied in proportion to the identified higher risks and include, among other steps, obtaining additional information about the customer and the ultimate beneficial owner, obtaining additional information about the intended nature of the business relationship, obtaining additional information about the source of funds and source of wealth, and enhanced monitoring of the business relationship.

More far-reaching requirements apply under Article 34(5) for credit institutions, financial institutions and trust or company service providers, in situations where assets of at least EUR 5 million are managed for customers with total assets of at least EUR 50 million. Where a higher risk has been identified, the relevant obliged entities must apply specific enhanced customer due diligence measures, in addition to the enhanced measures applied under Article 34(4). Measures under Article 34(5) include procedures to mitigate risks linked to bespoke services and products offered to the customer, obtaining additional information on the provenance of the customer’s funds, and preventing and managing specific conflicts of interest.

Article 34(6) also allows Member States to require obliged entities to apply enhanced customer due diligence measures when a higher risk is identified. Where such a decision is taken, Member States must inform the Commission and AMLA. The Commission may also, under Article 34(7), adopt delegated acts to supplement the AMLR where the Commission identifies additional higher-risk cases.

At the same time, Article 34(8) clarifies that enhanced measures must not automatically be applied to branches or subsidiaries of obliged entities established in the EU that are located in high-risk third countries under Articles 29–31, provided that the branches or subsidiaries fully comply with the group’s common AML framework.

Article 35 AMLR – Countermeasures to mitigate money laundering and terrorist financing threats from non-EU countries

Article 35 complements the framework on high-risk third countries by specifying which countermeasures may be adopted when applying Articles 29 and 31. The Commission may then choose among the countermeasures set out in Article 35. Countermeasures for obliged entities, to be applied to natural and legal persons involving high-risk third countries and other countries that may pose a threat to the EU’s financial system, may include additional enhanced customer due diligence measures, strengthened reporting requirements and reporting mechanisms, or restrictions on business relationships or transactions with natural or legal persons from the relevant third countries.

The countermeasures that Member States must apply in respect of high-risk third countries and, where relevant, other countries that may pose a threat include, for example, prohibitions on obliged entities establishing branches or representative offices in the third country concerned, requirements for intensified supervisory scrutiny, or stricter requirements for external audit.

Article 36 AMLR – Specific enhanced customer due diligence for cross-border correspondent relationships

Article 36 contains specific rules for cross-border correspondent relationships, including relationships entered into for securities transactions and the transfer of funds, involving the execution of payments with a counterparty institution in a third country.

In addition to customer due diligence measures under Article 20, credit institutions and financial institutions must, when entering into such a business relationship, obtain sufficient information to fully understand the counterparty institution’s business, assess its reputation and the quality of its supervision, and evaluate its AML and CTF controls. Management approval is also required, together with clear allocation of responsibilities and specific controls for so-called payable-through accounts, where access to customer information and identification of underlying customers are critical.

Finally, Article 36 sets a documentation requirement for credit institutions and financial institutions. Where such institutions decide to terminate cross-border correspondent relationships for reasons attributable to AML and CTF strategy, that decision must be documented.

Overall significance of Articles 34–36

Taken together, Articles 34–36 provide a detailed framework for how enhanced customer due diligence measures must be applied in higher-risk situations. The regime emphasises proportionality but leaves limited scope for deviation where the risk level indicates hard-to-explain transactions or activities. For obliged entities, this means that customer due diligence work, including identification of the ultimate beneficial owner and analysis of ownership and control structures, must be both robust and adaptable. Access to reliable information, not least via beneficial ownership registers, becomes critical in meeting the AMLR’s requirements and enabling well-founded decisions on business relationships.

Morling Consulting supports operators across Europe with specialist legal advice within the AMLR’s scope. Through deep expertise in enhanced customer due diligence and risk management, we provide strategic AML advisory services. Our work is designed to secure a legally sound, proportionate and operationally effective implementation of the regime, aligned with both legislative requirements and supervisory expectations. Read more about how we can support you at morlings.se