Before answering this question, we must first clarify who has to comply with the German AML law. Legally speaking: Who are the obliged entities according to German AML law? The obliged entities are listed in Section 2 para. 1 no. 1 to no. 16 German Money Laundering Act (Geldwäschegesetz – GwG). We do not want to spoil the Pre-Christmas mood entirely by enumerating them all and will therefore focus on the most important ones:
The obliged entities are first all service providers who offer (regulated) banking services, insurances, financial services and payment services. Besides, depending upon situation, real estate agents, lawyers and goods dealers for particularly expensive goods are considered as obligated by the GwG as well. Companies that are not obligated are, for example, those that provide payment services but can invoke an exception, e.g. limited range, or group exception. If the obliged entity is the parent company of a group, these obligations may also extend to the entire group (Section 9 GwG).
Among others, the obliged entity is subject to the following obligations under German AML law:
Preparation of a risk analysis (Section 5 GwG)
The obliged entity must prepare a risk analysis in which it analyses the money laundering risks associated with its products. These risks vary greatly from product to product. To put it bluntly: a payment service that allows North Koreans to anonymously pay for high-quality products in Europe in cash carries a higher risk than a product without cash payment and with limitation on small amounts for domestic products.
Creation of internal security measures (Section 6 GwG)
Internal safeguards include the development of internal principles and procedures that define how money laundering risks are dealt with and how AML regulations are met. This in turn varies greatly depending on the respective business model of the obliged entity. These processes are usually recorded in a so-called money laundering manual. The security measures also include the obligor’s verification of the reliability of its employees. For example, the certificates submitted are checked when the employee is hired, or a police record is required on employment. In addition, employees must regularly attend training courses about money laundering.
Appointment of a money laundering officer (Section 7 GwG)
The obliged entity must appoint a money laundering officer. The money laundering officer is responsible for ensuring compliance with the money laundering regulations. He or she must have a minimum qualification, must be located directly below the management level, and must carry out his or her duties in Germany.
Identification of the contracting party and its representative (Section 10 para. 1 no. 1 GwG)
The obligor must identify his contractual partner and his representatives. The identification process consists of two steps. Certain data must be requested from the customer and then be verified. As an example, in the case of a natural person, the personal data must be recorded and then verified by means of an identification document. This is usually done in the “Postident” or “Videoident” procedure. The data from legal entities are verified by extracts of the commercial, article of association or similar documents.
The identification must take place at the time of the conclusion of the contract. Not only the customer, but also the persons acting on behalf of the customer (e.g. managing director, authorized signatory) must be identified.
Clarification of the beneficial owners (Section 10 para. 1 no. 2 GwG)
The obligor must identify the economic beneficiaries of each contracting party. In simplified terms, an economic beneficiary is any natural person in whose ownership or under whose control the contracting party ultimately stands or at whose instigation a transaction is ultimately carried out or a business relationship is ultimately established. Control is assumed if the natural person directly or indirectly holds 25% of the shares in the contractual partner or controls 25% of the voting rights.
Examination whether a PEP (politically exposed person) is involved
Monitoring of the business relationship / Obligations to keep records / Reporting obligations
The obligor must continuously monitor the business relationship including the transactions. The obligor must keep the data collected in the KYC (know your customer) process for five years and destroy it after ten years at the latest. The obligor must report suspicious transactions to the German Financial Intelligence Unit.
Cover picture: Copyright © Adobe/ sutthinon602