Finnish Anti-Money Laundering Act Reformed: New Obligations, Tightened Supervision

Related services

The Finnish Government submitted a bill for a new act on the prevention of money laundering and terrorist financing to Parliament at the beginning of November. The new Anti-Money Laundering Act is based on the fourth Anti-Money Laundering Directive, which was drafted with consideration to the recommendations of the OECD’s Financial Action Task Force, founded to counteract money laundering and terrorist financing.

This article presents the key obligations imposed on Finnish entities by the new Act. The parliamentary review of the Government Bill is still ongoing, but the Act is intended to enter into force at the beginning of 2017. At that moment, Finnish entities must comply with the requirements cited in this article, unless the text suggests otherwise.

All Entities Must Declare Their Beneficial Owners

Most of the amendments to the existing anti-money laundering provisions only concern entities that have a statutory reporting obligation (see list below), but there is one significant exception: the new Act obliges all legal persons to report their beneficial owners to registers maintained by the Finnish Patent and Registration Office. The details of the beneficial owners must be submitted to the register by 30 June 2019. Based on the Government Bill, the obligation to report beneficial owners would not concern companies listed on a regulated market.

In the Anti-Money Laundering Act, a beneficial owner refers to a natural person who owns or otherwise controls a legal person. As regards entities, persons holding more than 25% of the entity’s ownership or voting rights are considered beneficial owners. If such a share is held by another legal person, the entity must establish who the natural persons are who are able to make independent decisions in the holding entity. When determining the beneficial owners, entities must bear in mind that positions of control can also be based on, e.g. a shareholders’ agreement.

The following graph illustrates the obligation to report beneficial owners.

Overall, the amendments will make it easier for obliged entities to determine the beneficial owners of their customers by making the information available in a public register. However, it is worth noting that the authorities will not verify the information when it is entered into the register. This is why obliged entities should contact their customers directly to make sure the information is up to date. In addition, they should take into account that the information in the register of beneficial owners only covers the immediately following tier seen from the company in question. Complex ownership structures will still require additional investigation from obliged entities.

Statutory Identification Obligation to Be Based on the Entity’s Own Risk Assessment

The key obligations in the Anti-Money Laundering Act are customer identification and due diligence and the obligation to report suspicious transactions to the Financial Intelligence Unit of the Finnish National Bureau of Investigation. The provisions of the existing Act are fairly clear as to when and in what scope the obliged entities must identify their customers.  In the future, the identification and due diligence obligation will be based on risk assessments performed by the entities themselves.

The risk assessment must be made in writing and cover risk factors relating to the obliged entity’s customers, countries or geographic areas, products, services, transactions or delivery channels. The Act requires obliged entities to have in place policies, controls and procedures to mitigate and manage effectively the risk factors identified in their operations. Obliged entities must also monitor and develop these policies, controls and procedures.

Those preparing a risk assessment should remember that the Act also requires a national risk assessment, which is to be prepared by the Finnish Ministry of the Interior. In addition, supervising authorities are obliged to make a risk assessment of the entities under their supervision. The national risk assessment and the supervisor’s risk assessment will probably provide a good starting point for the individual risk assessments of obliged entities. For example, according to Finland’s national risk assessment for money laundering and terrorist financing of 2015, the key risk items are generally related to real estate investments, transport of cash, front companies, online services, online shadow financial markets and customer fund accounts. 

Obliged Entities Must Have Whistleblowing Channels

Many companies have opened various kinds of whistleblowing channels to make sure that their operations comply with the law as well as their internal policies. Finnish law already contains statutes that require whistleblowing channels in certain instances. Under the new Anti-Money Laundering Act, obliged entities will also have to establish an independent and anonymous whistleblowing channel for the reporting of suspected breaches of the Act.

When implementing these channels, companies must consider not just technical issues but also the requirements of data protection and employment laws. They should also prepare clear instructions on the use and purpose of the channel.

Administrative Sanctions Toughened and Made Public

Recent regulatory developments have tended towards toughened sanctions,  which contributes to the prevention of violations. In the same vein, the sanctions provisions of the new Anti-Money Laundering Act are stricter than those of its predecessor. Furthermore, sanctions will in most cases be made public by the supervising authority.

The Government Bill proposes that the competent authority be given powers to impose a penalty payment on an obliged entity that intentionally or negligently breaches or fails to observe any of its following obligations under the law:

The penalty payment ranges between EUR 5,000 to EUR 100,000 for legal persons and between EUR 500 and EUR 10,000 for natural persons.

However, according to the Government Bill, obliged entities could be ordered to pay penalties much more severe than these if they intentionally or negligently commit serious, repeated or systematic breaches of the above requirements (with the exception of registration in the supervisory register). In this case, the penalty payment could be one million euros or max. twice the amount of the benefit derived from the breach, whichever sum is larger.  The most severe penalties would be reserved for credit and financial institutions, which would pay max. five million euros or 10% of their turnover in the previous year, whichever is larger.

In addition, the competent authority can issue a public warning to an obliged entity for an intentional or negligent breach of its other obligations.

Concluding Remarks

It is estimated in the Government Bill that there will be almost 70,000 obliged entities in Finland alone. These entities should, obviously, evaluate the obligations created by the new Act as well as their practical fulfilment. The Act will also be visible in the daily lives of each entity and citizen through the increasing number of requests for information from obliged entities.