ComplianceKeys#30. Compliance and Money laundering
Money laundering represents one of the main threats to the integrity of the financial system and the transparency of the economy. Its effects transcend the strictly criminal sphere, generating significant legal, reputational and operational risks.
Given the magnitude of this challenge, Compliance has consolidated itself as a key pillar in the fight against money laundering. This is not only because regulated entities must comply with current regulations, in particular Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing (hereinafter Law 10/2010) and its implementing regulations, but also because this fight requires the integration of an ethical and regulatory Compliance culture into an organisation that requires its members to act in accordance with the highest standards of behaviour.
This article examines the obligations imposed on obliged entities under article 2 of Law 10/2010, as well as their integration within a comprehensive Compliance system.
What is understood by money laundering?
Money laundering constitutes a criminal offence under Spanish law and is codified in the Criminal Code (hereinafter, CC), specifically in Chapter XIV, Title XIII, Book II, Article 301.
Money laundering operates as a mechanism for introducing into legitimate financial circuits money or assets obtained through unlawful activities. This criminal offence encompasses a broad range of conducts consisting of the acquisition, possession, use, conversion, transfer or, in general, any act that conceals or disguises the illicit origin of assets derived from criminal activity. The purpose of such conduct is essentially twofold: on one hand, to conceal or disguise the unlawful origin of the assets; and, on the other, to give them an appearance of legality by integrating them into the financial system as though they originated from a legitimate source.
Furthermore, this criminal offence has recently been the subject of legislative attention. In March, the Spanish Government approved the Draft Bill aimed at penalising the breach of restrictive measures adopted by the European Union (hereinafter, the “EU”). This legislative initiative envisages an amendment to article 301 of the CC to impose the upper half of the applicable penalty range for the offences of receiving and money laundering when the assets originate from the breach of an EU restrictive measure. Likewise, this amendment will introduce a new catalogue of offences intended to safeguard the integrity and enforcement of the restrictive measures adopted by the EU, and it proposes the creation of a Joint Coordination Committee for the execution of such measures.
General obligations under anti-money laundering regulations.
Regulated entities must comply with the requirements and obligations arising from Law 10/2010 and its implementing regulations, which are set out below.
Firstly, due diligence measures must be adopted with regard to those counterparties (both natural and legal persons) with whom they intend to establish business relationships. The purpose of these measures is to identify and get to know the business partners of the obligated parties, in order to hinder money laundering activities. To this end, and depending on the risk presented by these transactions, simplified or enhanced due diligence measures must be applied. Thus, the greater the risk presented by a transaction or partner, the greater the diligence that must be applied.
Both enhanced and simplified due diligence measures must be integrated into Compliance systems through KYC procedures (Know Your Counterparty).
In the context of applying due diligence measures, when suspicious or unusual behaviour without an apparent lawful purpose is detected, the Law establishes the obligation to conduct a special examination of such behaviour, when there are indications of simulation or fraud (regardless of the amount of the transaction).
If, after carrying out this examination, reasonable doubts remain about the legality of the funds, or if there is sufficient evidence to suggest that the counterparty may be directly or indirectly linked to money laundering, the obliged entity must report this to the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (hereinafter SEPBLAC). SEPBLAC is the supervisory body and the main authority responsible for combating money laundering in Spain.
Once the report has been made, and except in the exceptional cases expressly provided for by law, the obligated party must refrain from executing any transaction related to the person or entity involved.
In this regard, regulated entities must adopt comprehensive internal policies and procedures that enable all members of the organisation to clearly understand how they should act in any of the situations covered by the regulations. The involvement of the Compliance function is essential, both to ensure that these guidelines strictly comply with the requirements of Law 10/2010 and its implementing regulations, and to guarantee that the procedural framework fully covers all relevant matters.
In addition to the internal regulations developed, a money laundering prevention manual must also be approved, containing information on the internal controls adopted and applied by the organisation.
In addition, the regulations impose the obligation to appoint a representative to SEPBLAC, who will be responsible for the organisation’s Compliance with its legal obligations. Similarly, an internal control body (commonly known as an OCI) must be created. This body must be made up of representatives from different business areas and will be responsible for implementing the internal policies and procedures developed.
The internal control measures adopted by the obligated parties will be subject to annual review by an external expert, and the results of this review will be included in a report assessing the internal control measures adopted, their effectiveness, and any applicable recommendations for improvement.
Finally, a training plan must be developed so that members of the organisation are aware of their obligations under Law 10/2010.
Although Law 10/2010 and its implementing regulations establish a framework of general obligations, their practical application requires specific adaptation to each sector and each business model. In fact, both regulations contain additional obligations and exceptions whose correct interpretation requires in-depth and specialised knowledge of the regulations, as well as of the risks inherent in each business activity.
Conclusions on money laundering and Compliance.
The prevention of money laundering cannot be understood today without a solid regulatory Compliance framework. Law 10/2010 establishes a set of obligations that not only seek to detect illegal transactions but also require regulated entities to take an active stance on control and supervision. In this context, Compliance is the backbone of the enhanced due diligence that must characterise regulated entities.
Since the introduction of article 31 bis of the CC, the criminal liability of legal persons has been directly linked to the existence of effective Compliance systems. In terms of money laundering, this means that only through rigorous implementation, documented and adapted to the risk profile of each organisation, will it be possible to claim exemption or mitigation of liability. Consequently, having a Compliance system in line with the requirements of Law 10/2010 is not a strategic option, but an unavoidable legal need for those who operate as regulated entities if they do not want to be sanctioned by SEPLAC.