If insurance companies conduct transactions with an affinity for money laundering/terrorism financing (especially life insurance transactions, products with an investment character or return of premiums, capitalisation products and lending transactions), they are subject to the obligations of the Money Laundering Act (“GwG”) as obligated parties under money laundering law.
Table of Contents
Insurance companies subject to the AMLA must establish effective risk management in order to prevent them from being misused for the purposes of money laundering and terrorist financing. The company-specific risk exposure must be recorded in a risk analysis and internal security measures must be derived from this. In addition, obliged insurance companies must comply with the so-called customer due diligence obligations (Know Your Customer – KYC) in order to fulfil the central objective of the money laundering prevention regulations – the avoidance of anonymity and the creation of transparency.
In this respect, the insurance sector is characterised by the fact that not only the contractual partner – usually the policyholder -, persons acting on their behalf and any beneficial owners, but also any beneficiaries must be identified. In this context, products with a particular affinity for risk, such as (term) life insurance, mean that the policyholder/contractual partner and the authorised beneficiary are not the same person.
Expectations and recent criticism from the supervisory authority
Compliance with the requirements of money laundering law, in particular the risk analysis to be prepared by the obligated insurance companies, the continuous monitoring of the business relationship and the suspicious activity reporting system, are increasingly becoming the focus of money laundering supervision. In December 2023, BaFin repeatedly denounced conspicuous irregularities in the supervised insurance companies at its “Symposium on the prevention of money laundering and terrorist financing” and in its special “Supervisory experience with insurance companies”.
The main points of criticism focus primarily on the risk analysis (e.g. too formal/schematic, too rough a summary of risk factors, lack of explanations on the methodology, lack of differentiation between risks of money laundering and terrorist financing, blanket statement of net risks, not designed in a company-specific manner), the monitoring of the business relationship (in particular the insufficient recording/monitoring of cash inflows) and the handling of politically exposed persons (“PePs”).
Ultimately, BaFin is taking the same line that was already pointed out in the First National Risk Analysis (2018/2019): Insurance companies – unlike credit, financial services, payment and e-money institutions, for example – are not legally obliged to operate computerised business relationship and transaction monitoring. This is directly reflected, for example, in the low number of suspicious money laundering reports submitted by insurance companies.
Act to improve the fight against financial crime
The draft law to improve the fight against financial crime (FKBG) is intended to expand the group of addressees under money laundering law in the insurance sector. In addition to insurance companies, which become obligated parties depending on the products they offer, in future also
- Insurance holding companies,
- Companies pursuant to Section 293 (4) VAG (domestic companies not subject to supervision under the VAG whose main activity is the acquisition and holding of direct or indirect participations in primary insurance or reinsurance companies or pension funds) and
- Companies that exercise a controlling influence over an insurance company within the meaning of the GwG or over a pension fund pursuant to section 236 para. 1 sentence 1 VAG
are subject to the obligations of the GwG. The main purpose of this is to achieve regulatory harmonisation and uniform group supervision: according to Section 25l KWG (soon to be Section 2 (1) No. 2a GwG), financial holding companies and mixed financial holding companies are already subject to anti-money laundering obligations. The legislative process for the FKBG is still ongoing, the first reading in the Bundestag took place on 14 December 2023, with actual entry into force expected in Q2 or Q3 2024 at the earliest.
EU money laundering package – fundamental changes to the obligation under money laundering law?
Anti-money laundering regulation is primarily on the move at EU law level: The EU money laundering package (consisting of an EU money laundering regulation, which applies directly in the member states and will largely replace the AMLA, the sixth EU money laundering directive and the establishment of a European money laundering supervisory authority) has already been adopted by the EU Parliament; the formal approval of the EU Council of Ministers is still pending.
Prevention of money laundering and terrorist financing and sanctions compliance?
It is already foreseeable that the EU money laundering package will be accompanied by a further tightening of the legal requirements and thus an increase in internal company costs. This is immediately recognisable in the now mandatory close cooperation between the prevention of money laundering/terrorist financing and compliance with financial sanctions. From now on, internal company compliance with these sanctions will fall under the original area of responsibility of the compliance officer or money laundering officer and will henceforth – as a third element alongside money laundering and terrorist financing – be reflected in risk management and the fulfilment of corresponding security measures/duties of care.
For insurance companies, the relevance of this innovation is immediately apparent: Financial sanctions are regularly aimed at prohibiting the direct or indirect provision of financial resources or financial assistance to sanctioned persons/entities. In principle, these prohibited financial resources/financial assistance also include all types of insurance and reinsurance, including export credit insurance.
Restriction or extension of the catalogue of obligated parties?
Under the GwG, insurance companies are also obligated parties if they grant loans. This is relevant for the vast majority of insurance companies insofar as they – as a so-called “proprietary business” (Section 2 (3) KWG) and without requiring a licence for lending business under the KWG – are already required to invest in self-created loan receivables in accordance with the investment principles for the security assets (124 et seq. VAG).
Under the EU Anti-Money Laundering Regulation, insurance companies are only expressly obliged to the extent that they offer life or other investment-related insurance products – there is no explicit reference to the lending business as there is under the AMLA – mind you, this has been a German exception to date! – is not to be found.
The issuing of loans could at most indirectly lead to an obligation under money laundering law: According to Art. 3 No. 2 of the EU Anti-Money Laundering Regulation, obliged entities include “financial institutions“. This explicitly includes insurance companies “insofar as it carries out life or other investment-related assurance activities” (Art. 2 para. 1 no. 6b EU Anti-Money Laundering Regulation). However, as a catch-all provision, companies that carry out certain activities listed in Annex I to the Capital Requirements Directive – CRD IV – including lending, are also deemed to be obliged “financial institutions” under Art. 2 para. 1 no. 6a of the EU Anti-Money Laundering Regulation.
However, there are already systematic arguments (here the special, explicit and conclusive obligation of insurance companies only when offering life or investment-related insurance products, there the granting of loans only under the catch-all offence) against the relevance of loan transactions by insurance companies under the EU Anti-Money Laundering Regulation.