We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
27 October 2017
Former customer due diligence procedures
Something old: earlier rules
Something new: Beneficial Owner Register Act
Something borrowed: automatic cross-checking with existing data
Something blue: penalties
The Fourth Anti-money Laundering (AML) Directive(1) serves to adapt the existing AML legislation to the most recent threats and developments in the financing of terrorism and the abuse of the financial market as a means of supporting criminal enterprises. Austrian legislation transposed the Fourth AML Directive in two major legislative acts:
Further legislative acts were aimed at aligning the Trade Act, as well as the bar rules of lawyers, public notaries, chartered public accountants and tax advisers, to the requirements set out in the Fourth AML Directive.
This update provides an overview of the effects and obligations arising from the implementation of the Fourth AML Directive in Austria – in particular, the due diligence that banks will have to undertake on prospective clients (eg, an Austrian local subsidiary of a foreign legal entity being established in the form of limited liability company).
The client due diligence procedures in place before the Fourth AML Directive came into force required a wide range of information to be disclosed by clients when entering into a business relationship with a credit institution.(4) Core obligations of credit institutions were:
The Financial Market Money Laundering Act does not significantly change the statutory requirements on customer due diligence procedures. Further, the Austrian financial markets regulator has not yet published new guidelines in this respect. Thus, similar to the previous customer due diligence procedures, credit institutions (as well as other entities subject to the Financial Market Money Laundering Act) will require their customers to prove their identity. Natural persons will be required to show in person(5) an official photo identification document issued by a government authority,(6) while legal entities must provide "meaningful supporting documentation" as available under the usual legal standards of their country of incorporation.(7)
For a limited liability company established in Austria, customer identification will be required in the form of an excerpt from the Company Register, which also certifies the shareholders and the power of representation of the natural person representing the client, together with an official identity document regarding such natural person. Power of representation may also be verified by providing the power of attorney or even the articles of association of the client. Further, the client will be required to provide documentation on its shareholder(s) (up to the beneficial owner) in accordance with local standards of the respective shareholders' country of incorporation.
Scrutiny of business activities
Similar to the procedures before the Financial Market Money Laundering Act, the client must provide the credit institution with details regarding its business activities and regular scope of business transactions. A notable change in the Financial Market Money Laundering Act now addresses occasional transactions – that is, transactions outside the scope of a regular business relationship. If such a transaction exceeds €1,000 and is partially performed in an electronic form(8) via a payment service provider, the Financial Market Money Laundering Act requires scrutiny procedures to be performed.
Further, even though such transactions concern a limited amount, the client must be prepared to explain (and evidence) the background of this transfer.
Increased due diligence requirements
Previously, only contractual relationships involving foreign politically exposed persons (PEPs) triggered stricter standards of diligence for the bank, including internal approval procedures. Thus, business activities and the origin of funds had to be duly scrutinised. The Financial Market Money Laundering Act widens the scope of application of the PEP procedures and now also requires national Austrian PEPs to be subject to the same increased due diligence.
Contrary to the Financial Market Money Laundering Act, which is mainly aimed at credit institutions and other participants active in the financial market, the Beneficial Owner Register Act has a significantly wider scope. Under the Beneficial Owner Register Act, all entities enumerated under Section 1(9) must identify and document their beneficial owners,(10) either by themselves or by tasking a legal professional authorised for representation in Austria (eg, an attorney at law or other professional advisers).
Limited liability companies fall under this obligation. Accordingly, a client's management must assess to what extent the shareholder structure must be verified and by which means and documents. Beneficial ownership is assumed if a natural person (the beneficial owner) ultimately holds more than 25% of the shares or voting rights or simply exercises control over the management of an entity. Not only may beneficial ownership be held through direct control, but also via indirect control.
In case of direct control, information on the name, address, nationality and type of identification document must be documented.
In the case of indirect control, the entire intermediary chain of ownership from the Austrian entity up to the ultimate holding entity(11) must be documented accordingly. In order for the beneficial owner to control the client, control must be assumed by each of the intermediate entities (ie, on every level of the shareholder structure). The Beneficial Owner Register Act defines 'control' not only as holding the majority of the shares or voting rights (over 50%), but also addresses the ability of a shareholder to appoint and dismiss the majority of members of the executive board or supervisory board. Hence, control may also be exercised on the basis of the respective entity's articles of association, shareholder or voting right agreements, or may simply arise from effective control or stem from other agreements such as a fiduciary agreements.(12)
Accordingly, the client's management must consider all of the factors that may influence the allocation of control. The level of diligence required by the Beneficial Owner Register Act is that the management must take adequate measures to identify the shareholders of the client, so that they are convinced that they know who the beneficial owner is. In order to enable the client's management to comply with these obligations, the Beneficial Owner Register Act requires shareholders to provide the documents or information needed.(13)
Should the client fail to identify its beneficial owners, members of the management board will be considered and registered as the beneficial owners.(14)
Entities must submit their data on beneficial owners to the Beneficial Owner Register, operated by Statistics Austria (a federal institution under public law) through the Unternehmensservice Portal (USP – a specific company service portal of the Austrian government). While the information to be registered also includes information on the exact means and methods of how control is exercised in the shareholder structure, no underlying documentation (except copies of official photo identification documents of any beneficial owners residing outside Austria) must be filed. However, these documents and information must be kept by the client for a minimum of five years after the termination of beneficial ownership.
The initial registration of the client's beneficial owners must be complete by June 1 2018 at the latest (the registration phase will start on January 15 2018).(15) Following the initial registration, the client's management must actively repeat its assessment of the ownership structure at least annually(16) and has to notify any changes to the ownership as soon as it has gained knowledge thereof.(17)
When entities register data on local Austrian beneficial owners, it is compared against data available from the general civil register and the Austrian Corporate Register, which combines data from the Company Register maintained by the Austrian judicial system, as well as the Supplementary Register and the Register of Associations.
This 'borrowed' data populating the Beneficial Owner Register is the basis for a potential exception from the notification obligation. An entity would be released from the obligation to disclose information if the beneficial owner can be directly derived from already existing records and other registers. This would apply to, for example, limited liability companies whose shareholders are natural persons domiciled in Austria.(18)
Accessing data in Beneficial Owner Register
Access to the Beneficial Owner Register is highly limited under the Beneficial Owner Register Act. The Beneficial Owner Register Act defines a group of specially obliged entities, persons and institutions (including credit institutions and legal professionals authorised for representation in Austria) that may access the data in order to comply with their respective statutory obligations regarding the prevention of money laundering and financing of terrorism. Further, attorneys and other legal professionals may access the data when advising their clients with respect to their client's obligations under the Beneficial Owner Register Act.(19) In addition, Austrian authorities (eg, administrative, financial and penal authorities), the financial market regulator, the Austrian National Bank and the penal courts may access the data. Finally, third parties (ie, other natural persons or entities)(20) may be authorised to access the data on a case-by-case basis, provided that they can evidence a legitimate interest. Among those allowed to access the data, the Beneficial Owner Register Act further limits the way in which searches can be conducted on an individual basis. In any case, access to the data is limited to a search for a specific entity or specific natural person.
Access is granted by way of a certified (regular) extract listing:
Although a regular excerpt constitutes a valid means to determine the beneficial owners, it may not be used for verification.
In addition to this regular extract, an extended extract may be obtained. This extended extract includes an automatically generated schematic overview:
The extended extract – provided that it is not earmarked as being incomplete – may be used as a reliable source to verify the identity of an entity's beneficial owner, provided that a limited verification of the data in the excerpt with the information obtained from the customer revealed no indications that the information provided in the excerpt was incorrect.(22)
An excerpt will be considered incomplete if:
If the client is a local subsidiary of a foreign local entity, the extended extract will be earmarked as incomplete. Accordingly, the bank will demand more documents evidencing the beneficial ownership structure of the client.(23) This includes an excerpt from other public registers (eg, from the Company Register), affiliated or intermediate entities respectively and non-public documentation to be provided by the client (eg, the annual audit and minutes of the most recent shareholder meeting, including a list of attendees). If the concerned entity is not entered in the register and therefore information on the management level is unavailable, the articles of association and documents certifying the appointment of the person currently in charge of executive representation of the company may be required. Even internet research may be used.(24)
If in the course of further due diligence with the client, the bank becomes certain that the data entered by the client is incorrect and that the discrepancies are relevant, it may initiate a procedure leading to an annotation of the excerpt.
Failure to meet the obligations arising from the Financial Market Money Laundering Act may trigger significant penalties. Administrative penalties pursuant to the Financial Market Money Laundering Act may amount up to €5 million or up to 10% of the annual total turnover. Penalties may also be levied against individuals involved in the entity's management, as well as against the legal entities itself.
A failure to comply with obligations under the Beneficial Owner Register Act triggers further legal issues. Should the client's management fail to report fully in time, an administrative fine may be imposed by the financial authorities. In the case of gross negligence or intentional violations of reporting obligations, the members of the management will be considered to have committed a 'financial offence' within the meaning of the Law on Financial Crimes, and thus may become subject to a financial criminal procedure leading to fines of up to €200,000. Further, fines of up to €100,000 may be imposed on those who access data in the Beneficial Owner Register in violation of the respective limitations set out by the Beneficial Owner Register Act.
The implementation of the Fourth AML Directive in Austria will not significantly amend the scope of the due diligence procedures to be adhered to when establishing the business relationship between a bank and its clients. Further, assuming that the client diligently complies with the new obligations under the Beneficial Owner Register Act, maintaining the business relationship with the bank, as well as establishing relationships with professional advisers in transactions that are likely to bear a higher risk of money laundering, will become easier, as clients will hold information (and documentation) on their beneficial owners up to date and ready.
However, in order to be properly prepared, a client must take adequate measures to identify its indirect shareholders so that it is convinced that it knows who its beneficial owners are. This exercise needs to be taken not only once, but annually, and also during the year if changes in the shareholder structure become obvious. Further, the level of scrutiny to be applied by the management (eg, with respect to identifying the means and methods of exercising control at higher levels in the shareholder structure) may be a difficult task. Of course – and in particular in the case of cross-border ownership structures within Europe – all parties involved will be subject to similar obligations and will know the requirements set out by the Fourth AML Directive. Accordingly, information and documentation should become more readily available and less time will be needed to fulfil this task.
Notwithstanding that, correctly identifying the beneficial owners in accordance with the Beneficial Owner Register Act may be challenging – in particular, in the case of complicated ownership structures (eg, involving trusts or private equity and venture capital investment vehicles) or cross-border structures involving non-EU entities. In order for a company to ensure compliance properly, tasking its legal counsel with performing entry and reports (as currently foreseen in the Beneficial Owner Register Act) may be considered as an effective means to reallocate management time and resources.
Further, if a client's management fully complies with all obligations and enters correct and meaningful data into the register, incorrect annotations caused by the automatic cross-checks by authorities and banks based on outdated data may lead to additional work, as the management must then re-assess the shareholder structure and input an unnecessary entry into the Beneficial Owner Register. In addition, credit institutions and professional legal advisers will have to perform their own assessment, and may not rely on the data derived from the Beneficial Owner Register.
Accordingly, the efforts invested by the client in the identification of its beneficial owners will be only a tool to effectively handle customer intake procedures based on the Fourth AML Directive; however, this will not immunise the client (or other entities) from further questions as regards its shareholder structure, its beneficial owner(s) and its business activities.
For further information on this topic please contact Stephan Schmalzl at Graf & Pitkowitz by telephone (+43 1 401 17 0) or email (firstname.lastname@example.org). The Graf & Pitkowitz website can be accessed at www.gpp.at.
(5) The Financial Market Money Laundering Act now also allows for online identity verification via a video-assisted system, provided that the risk resulting from the client being absent can be minimised accordingly.
(6) The minimum requirements regarding such document are that it must bear a non-replaceable, recognisable photograph of the person and include the name, date of birth and signature of such person (to that end, Austrian driving licences are also admissible).
(9) Pursuant to Section 1 of the Beneficial Owner Register Act, the scope of application encompasses a majority of legal entities under Austrian and EU law – for example, companies with limited liability, stock corporations, limited partnerships and European societies. Moreover, 'private foundations' within the meaning of Section 1 of the Private Foundation Act are addressed, as are trusts and structures resembling a trust, provided that they are managed in Austria. The latter condition will be fulfilled if the trustee, or the resembling custodial entity, has its place of residence in Austria.
(11) As a rule, an 'ultimate holding entity' within the meaning of the Beneficial Owner Register Act is the entity standing at the top of the shareholder structure and which is directly held by the beneficial owner(s). Taking a closer look, the qualification of the ultimate holding entity may become tricky under certain ownership structures.
(13) The extent of application of this provision may be considerable, as in multinational enterprises, every legal entity may be obligated to provide information as soon as one of its many subsidiaries falls under the duty to report pursuant to the Beneficial Owner Register Act.
(17) This may also be the case if the client would receive official information from the Beneficial Owner Register that an annotation has been set to its entry and that it may not rely anymore on the data presented to be correct. In this case, the client must verify its beneficial owner and eventually rectify its entry; following such rectification, the annotation will be deleted without any further proceedings. Notably, pursuant to Section 11(4) of the Beneficial Owner Register Act, the annotation itself does not imply an increased risk with regard to the client.
(23) Even if the extended excerpt is complete, it does not relieve a bank (or, eg, professional advisers) from its obligation to gather supplementary documents, should the internal risk assessment and profile demand it; see Section 6(5) of the Financial Market Money Laundering Act.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.